W32.Dabber.B

Risk Level 2: Low

Printer Friendly Page

Discovered: June 4, 2004

Updated: February 13, 2007 12:24:03 PM

Also Known As: Win32.Dabber.B [Computer Assoc, Net-Worm.Win32.Dabber.c [Kaspe, Exploit-DcomRpc.gen [McAfee], W32/Dabber-C [Sophos], WORM_DABBER.C [Trend Micro]

Type: Worm

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

W32.Dabber.B is a variant of W32.Dabber.A. This worm propagates by exploiting a vulnerability in the FTP server component of W32.Sasser.Worm and its variants.

W32.Dabber.B is based on available exploit code. It installs a backdoor on infected hosts and tries to listen on port 9898. If the attempt fails, W32.Dabber.B tries to listen on ports 9899 through 9999 in sequence until it finds an open port.

This threat is written in C++ and is packed with UPX.

Protection

Initial Rapid Release version June 5, 2004
Latest Rapid Release version July 19, 2008 revision 019
Initial Daily Certified version June 5, 2004
Latest Daily Certified version January 20, 2009 revision 048
Initial Weekly Certified release date June 7, 2004

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Moderate

Damage

Damage Level: High

Distribution

Distribution Level: Low

Writeup By: Kevin Ha

Technical Details

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}