[virusinfo] W32/Rbot-AEJ

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Thu, 02 Jun 2005 20:07:00 -0700

From; Sophos Alert System:

Name: W32/Rbot-AEJ
Aliases: Trojan.Win32.Crypt.d
Type: Win32 worm
Date: 3 June 2005

Sophos has issued protection for W32/Rbot-AEJ.

At the time of writing, Sophos has received a small number of
reports of this worm from the wild.

Customers using EM Library, Enterprise Console, PureMessage or
any of our Sophos small business solutions will be automatically
protected at their next scheduled update.


Information about W32/Rbot-AEJ can be found at:
http://www.sophos.com/virusinfo/analyses/w32rbotaej.html

W32/Rbot-AEJ is a network worm with backdoor Trojan functionality for the 
Windows platform. 
The worm copies itself to a file named system.exe in the Windows system folder. 
W32/Rbot-AEJ spreads using a variety of techniques including exploiting weak 
passwords on computers and SQL servers, exploiting operating system 
vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using 
backdoors opened by other worms or Trojans. W32/Rbot-AEJ can also be instructed 
to spread through the AOL Instant Messaging (AIM) application. 
W32/Rbot-AEJ can be controlled by a remote attacker over IRC channels. The 
backdoor component of W32/Rbot-AEJ can be instructed by a remote user to 
perform the following functions: 
start an FTP server
start a Proxy server
start a web server
take part in distributed denial of service (DDoS) attacks
log keypresses
capture screen/webcam images
packet sniffing
port scanning
download/execute arbitrary files
start a remote shell (RLOGIN)
steal product registration information from certain software 
Patches for the operating system vulnerabilities exploited by W32/Rbot-AEJ can 
be obtained from Microsoft at: 
MS01-059
MS03-007
MS04-011
MS04-012 

The W32/Rbot-AEJ virus identity file (IDE) includes detection for:


W32/Rbot-AEO
http://www.sophos.com/virusinfo/analyses/w32rbotaeo.html
Troj/Dloader-OG
http://www.sophos.com/virusinfo/analyses/trojdloaderog.html
Troj/MiniDl-A
http://www.sophos.com/virusinfo/analyses/trojminidla.html
Troj/Bizves-A
http://www.sophos.com/virusinfo/analyses/trojbizvesa.html
W32/Sdranck-G
http://www.sophos.com/virusinfo/analyses/w32sdranckg.html

Customers with 3.xx or lower versions of Sophos Anti-Virus, 
who are not running EM Library, can manually download the IDE
for W32/Rbot-AEJ from:

http://www.sophos.com/downloads/ide/rbot-aej.ide

Read about how to use IDE files at
http://www.sophos.com/support/knowledgebase/article/363.html

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] W32/Rbot-AEJ
• » [virusinfo] W32/Rbot-AEJ

1. Home
2. virusinfo
3. Archive
4. 06-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---