The Web    Google
1/12: Kobot-B Worm Uses 3 Windows Flaws

1/12: Kobot-B Worm Uses 3 Windows Flaws
January 12, 2005

W32.Kobot.B is a worm that spreads through open network shares, telnet, dameware, realserv, VNC, and niprint. This worm also uses three remotely exploitable Windows vulnerabilities to propagate.

The worm can also function as an email relay and as a proxy for HTTP and SOCKS.

The worm uses multiple vulnerabilities to spread, including:

The Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011).
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026).
The Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability (described in Microsoft Security Bulletin MS02-061).

Technical details can be found at Symantec page.

  • 2/21: MyDoom-BE Worm Harvests Addresses
  • 3/25: Sdbot-WG a Worm and IRC Trojan
  • Immunize Your Servers Against Attack
  • Wi-Fi Planet Toronto: Security Taking Hold
  • 12/28: W97M.Dinela a Macro Virus
  • New Spam Scam Exploits Pope's Death
  • Home Users: IT's Cross to Bear
  • AOL's AIM Puts Browser Security in Danger
  • 11/1: Bagle-BE Worm Opens TCP Port
  • Trolling For Anti-Phishing Laws
  • Check Point Directing Security to Web Applications, End Points
  • Security Camera Industry Information