1. Symantec/
  2. Security Response/
  3. W32.Rinbot.L

W32.Rinbot.L

Risk Level 2: Low

Discovered:
February 28, 2007
Updated:
March 1, 2007 6:32:53 PM
Also Known As:
WORM_RINBOT.F [Trend], W32/Sdbot.worm!678b37ba [McAfee], W32/Delbot-P [Sophos]
Type:
Worm
Infection Length:
213,504 bytes
Systems Affected:
Windows
CVE References:
CVE-2006-3439, CVE-2006-2630
W32.Rinbot.L is a worm that spreads through network shares and by exploiting vulnerabilities. It also opens a back door on the compromised computer.

NOTE:

  • This worm attempts to exploit a previously addressed vulnerability in Symantec Client Security and Symantec Antivirus, (SYM06-010; BID 18107); patches for the particular Symantec product vulnerability have been available since Thursday, May 25th, 2006. As a result, customers who have applied the patch in their environment are unaffected by the worm's attempt to leverage the Symantec vulnerability for an attack. Customers running Symantec Client Security or Symantec intrusion prevention (IPS) capable products are protected against all known and unknown exploits of Symantec Client Security and Symantec AntiVirus Elevation of Privilege (SYM06-010; BID 18107)via IPS signatures released on May 26th, 2006.
  • Symantec highly recommends that users of the affected products patch their systems as soon as they are able to help avoid the spread of this particular worm family. If systems are infected with W32.Rinbot.L and this security patch has not been applied please read the document, Attempting to migrate from 10.x to a newer version fails after becoming infected with a worm which exploits SYM06-010.
  • IPS signatures against all known and unknown exploits of the Symantec Client Security and Symantec AntiVirus Elevation of Privilege (SYM06-010; BID 18107) were released on May 26, 2006.

Antivirus Protection Dates

  • Initial Rapid Release version March 1, 2007
  • Latest Rapid Release version August 20, 2008 revision 017
  • Initial Daily Certified version March 1, 2007
  • Latest Daily Certified version August 20, 2008 revision 016
  • Initial Weekly Certified release date March 7, 2007
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Fergal Ladley

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube