Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- June 2, 2004
- Updated:
- February 13, 2007 12:21:33 PM
- Type:
- Worm
- Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
W32.Kobot.A is a worm that spreads through open network shares, telnet, dameware, realserv, VNC, and niprint. This worm also uses three remotely exploitable Windows vulnerabilities to propagate.
The worm can also function as an email relay and as a proxy for HTTP and SOCKS.
The worm uses multiple vulnerabilities to spread, including:
- The Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011).
- The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026).
- The Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability (described in Microsoft Security Bulletin MS02-061).
Antivirus Protection Dates
- Initial Rapid Release version June 2, 2004
- Latest Rapid Release version March 2, 2011 revision 009
- Initial Daily Certified version June 2, 2004
- Latest Daily Certified version March 2, 2011 revision 019
- Initial Weekly Certified release date June 2, 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Easy
Damage
- Damage Level: Medium
Distribution
- Distribution Level: Medium
Writeup By: Kevin Ha
