需要修复电脑?
聘请专家
Virus:Worm/Rbot.gen
Date discovered:25/01/2007
Type:Worm
In the wild:No
Reported Infections:Low
Distribution Potential:Medium
Damage Potential:Medium
Static file:No
Engine version:7.03.00.32

 General Methods of propagation:
   • Local network
   • Mapped network drives

Similar detection:
   •  Worm/Sdbot.gen


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Registry modification
   • Makes use of software vulnerability
   • Third party control

 Special detection  Worm/Rbot.gen

Description:
A generic detection routine designed to detect common family characteristics shared in several variants.

This special detection routine was developed in order to detect unknown variants and will be enhanced continuously.


Version history:
The following engine updates were released in order to enhance detection:

   •  7.03.00.32   ( 25/01/2007 )
   •  7.04.01.66   ( 29/08/2007 )
   •  7.06.00.27   ( 18/10/2007 )
   •  7.06.00.53   ( 24/01/2008 )
   •  7.06.00.67   ( 14/02/2008 )
   •  7.09.00.70   ( 30/01/2009 )
   •  7.09.00.79   ( 13/02/2009 )
   •  7.09.00.83   ( 17/02/2009 )
   •  7.09.00.138   ( 03/04/2009 )
   •  7.09.01.204/8.02.01.204   ( 26/03/2010 )
   •  7.09.01.220/8.02.01.220   ( 15/04/2010 )

 IRC – This malware has the ability to collect and send information such as:
    • Cached passwords
    • Capture screen
    • Capture shot from webcam
    • CPU speed
    • Current user
    • Free disk space
    • Free memory
    • Malware uptime
    • Information about the network
    • Information about running processes
    • Size of memory
    • Information about the Windows operating system


– Furthermore it has the ability to perform actions such as:
    • connect to IRC server
    • Launch DDoS ICMP flood
    • Launch DDoS SYN flood
    • Launch DDoS TCP flood
    • Launch DDoS UDP flood
    • Disable DCOM
    • Disable network shares
    • disconnect from IRC server
    • Download file
    • Edit registry
    • Enable DCOM
    • Enable network shares
    • Execute file
    • Join IRC channel
    • Kill process
    • Leave IRC channel
    • Open remote shell
    • Perform DDoS attack
    • Perform network scan
    • Perform port redirection
    • Restart system
    • Send emails
    • Start keylog
    • Start spreading routine
    • Terminate process
    • Updates itself
    • Upload file
    • Visit a website

说明添加者: Andrei Ivanes 打开 2007年10月18日星期四
说明更新者: Andrei Ivanes 打开 2010年6月29日星期二

反馈 . . . .
https:// 为了你的安全,此窗口已加密。