W32/Rbot-AAF is a network worm that attempts to spread via network shares. The worm contains backdoor functions that allow unauthorized remote access to the infected computer via IRC channels while running in the background.
The worm spreads to network shares with weak passwords and also by using the LSASS security exploit (MS04-011), RPC-DCOM security exploit (MS03-039) and the WebDav security exploit (MS03-007).
Once installed, W32/Rbot-AAF will attempt to partake in distributed denial of service (DDoS) attacks, download and run files from the Internet, steal CD keys, log keystrokes and login to MS SQL servers and send EXEC commands to open a command shell when instructed to do so by a remote attacker.
W32/Rbot-AAF may try to exploit backdoors and vulnerabilities used by the MyDoom family of worms.
More information can be found at Sophos page.
4/7: Rbot-AAF Worm Hits Network Shares
