Discovered: January 22, 2007
Updated: January 22, 2007 8:28:37 PM
Type: Worm
Infection Length: 126,976 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.Gangbot is a worm that opens a back door and connects to an IRC server. It spreads by searching for vulnerable SQL servers and by sending an HTML link to available contacts on instant messenger programs. It also spreads by exploiting the
Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability (BID 20096) and
RealVNC Remote Authentication Bypass Vulnerability (BID 17978).
Protection
-
Initial Rapid Release version pending
-
Latest Rapid Release version pending
-
Initial Daily Certified version pending
-
Latest Daily Certified version pending
-
Initial Weekly Certified release date pending
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: 0 - 49
-
Number of Sites: 0 - 2
-
Geographical Distribution: Low
-
Threat Containment: Easy
-
Removal: Moderate
Damage
-
Damage Level: Medium
-
Payload Trigger: Opens a back door.
-
Releases Confidential Info: Steals passwords for instant messenger applications.
-
Compromises Security Settings: May stop processes and services, some of which are security-related.
Distribution
-
Distribution Level: Medium
-
Ports: TCP Port 5900
-
Target of Infection: SQL servers, RealVNC servers and instant messenger applications
Writeup By: Liam O Murchu
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
