Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- May 21, 2005
- Updated:
- May 21, 2005 7:59:07 AM
- Also Known As:
- W32/Poebot-KF [Sophos], W32/Poebot-KO [Sophos], W32/Poebot-LR [Sophos], W32/Poebot-LQ [Sophos], W32/Poebot-MR [Sophos], W32/Poebot-MS [Sophos], W32/Poebot-MV [Sophos]
- Type:
- Worm
- Infection Length:
- 90,624 bytes
- Systems Affected:
- Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000
- CVE References:
- CVE-2003-0533
W32.Linkbot.M is a worm that exploits the Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 10108) in order to propagate. It also creates a back door on the compromised computer.
Antivirus Protection Dates
- Initial Rapid Release version May 21, 2005
- Latest Rapid Release version May 12, 2012 revision 018
- Initial Daily Certified version May 21, 2005
- Latest Daily Certified version May 13, 2012 revision 007
- Initial Weekly Certified release date May 24, 2005
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Easy
Damage
- Damage Level: Medium
- Payload: Opens a back door on the compromised computer.
Distribution
- Distribution Level: Medium
- Ports: Connects on TCP port 6667 and 10324. Listens on TCP port 113.
- Target of Infection: Computers vulnerable to remotely exploitable vulnerabilities.
Writeup By: Hiroshi Shinotsuka
