W32.Kobot.B is a worm that spreads through open network shares, telnet, dameware, realserv, VNC, and niprint. This worm also uses three remotely exploitable Windows vulnerabilities to propagate.
The worm can also function as an email relay and as a proxy for HTTP and SOCKS.
The worm uses multiple vulnerabilities to spread, including:
The Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011).
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026).
The Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability (described in Microsoft Security Bulletin MS02-061).
Technical details can be found at Symantec page.
1/12: Kobot-B Worm Uses 3 Windows Flaws
