1. /
  2. Security Response/
  3. W32.Linkbot.M


Risk Level 1: Very Low

May 21, 2005
May 21, 2005 7:59:07 AM
Also Known As:
W32/Poebot-KF [Sophos], W32/Poebot-KO [Sophos], W32/Poebot-LR [Sophos], W32/Poebot-LQ [Sophos], W32/Poebot-MR [Sophos], W32/Poebot-MS [Sophos], W32/Poebot-MV [Sophos]
Infection Length:
90,624 bytes
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
CVE References:
W32.Linkbot.M is a worm that exploits the Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 10108) in order to propagate. It also creates a back door on the compromised computer.

Antivirus Protection Dates

  • Initial Rapid Release version May 21, 2005
  • Latest Rapid Release version February 4, 2015 revision 006
  • Initial Daily Certified version May 21, 2005
  • Latest Daily Certified version February 4, 2015 revision 017
  • Initial Weekly Certified release date May 24, 2005
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy


  • Damage Level: Medium
  • Payload: Opens a back door on the compromised computer.


  • Distribution Level: Medium
  • Ports: Connects on TCP port 6667 and 10324. Listens on TCP port 113.
  • Target of Infection: Computers vulnerable to remotely exploitable vulnerabilities.
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Hiroshi Shinotsuka

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report