View Full Version : *new Worm/trojan In The Wild


Andrew
10-20-03, 07:20 PM
AV vendor Sophos is warning of a worm/Trojan package circulating in the wild that exploits flaws in the Microsoft Windows RPCSS service.

The RPCSS vulnerability allows W32/Donk.E, also known as W32/Sdbot.worm, to execute on target computers with system-level privileges.

It copies itself to the Windows system folder as COOL.EXE and NETAPI32.EXE and modifies the registry so it runs each time Windows is started.

A backdoor Trojan component allows a remote intruder to access and control the computer via IRC channels. An attacker would be able to carry out a variety of actions, such as obtain system information, download files, cause a distributed denial-of-service attack and execute programs.

Updated antivirus signatures should detect the worm. http://www.sophos.com/virusinfo/analyses/w32donke.html