The Web    Google
4/7: Rbot-AAF Worm Hits Network Shares

4/7: Rbot-AAF Worm Hits Network Shares
April 7, 2005

W32/Rbot-AAF is a network worm that attempts to spread via network shares. The worm contains backdoor functions that allow unauthorized remote access to the infected computer via IRC channels while running in the background.

The worm spreads to network shares with weak passwords and also by using the LSASS security exploit (MS04-011), RPC-DCOM security exploit (MS03-039) and the WebDav security exploit (MS03-007).

Once installed, W32/Rbot-AAF will attempt to partake in distributed denial of service (DDoS) attacks, download and run files from the Internet, steal CD keys, log keystrokes and login to MS SQL servers and send EXEC commands to open a command shell when instructed to do so by a remote attacker.

W32/Rbot-AAF may try to exploit backdoors and vulnerabilities used by the MyDoom family of worms.

More information can be found at Sophos page.

  • A Spec to Spike Spam?
  • 4/4: Mytob-C Worm Looks For Flaw
  • 5/2: LegMir-DR a Password-Stealing Trojan
  • Netsky-C Hammers U.S. and U.K.
  • Disaster Recovery Vs. Business Continuity
  • 6/4: Agobot.300544 a Memory Resident
  • 11/30: SymbOS/Skulls-B is a Trojan
  • 4/22: CashGrab-A Hits Bank Customers
  • 4/8: Mytob-AB Worm Comes as Attachment
  • One in Three Companies Lack Disaster Recovery Strategy
  • 4/4: Mytob-C Worm Looks For Flaw
  • Cheap Security Camera