The Web    Google
5/11: Rbot-ACH Worm Spreads Via Shares

5/11: Rbot-ACH Worm Spreads Via Shares
May 11, 2005

W32/Rbot-ACH is a Windows network worm that attempts to spread via network shares. The worm contains backdoor functions that allows unauthorized remote access to the infected computer via IRC channels while running in the background.

The worm spreads to network shares with weak passwords and also by using the following operating system vulnerabilities:

LSASS (MS04-011)
RPC-DCOM (MS04-012)
WebDav (MS03-007)
IIS5SSL (MS04-011) (CAN-2003-0719)
MSSQL (MS02-039) (CAN-2002-0649)
UPNP (MS01-059)
Dameware (CAN-2003-1030)

The worm may also spread via backdoors left open by other Trojans and worms.

The following patches for the operating system vulnerabilities exploited by W32/Rbot-ACH can be obtained from the Microsoft website:


More information can be found at Sophos page.

  • 2/21: MyDoom-BC an Email Worm for Windows
  • 9/22: Agobot-XJ Worm Exploits Mic Flaws
  • IM Threat Center Formed
  • Free! Expert Help Fixing Your Top Security Problems
  • 2/21: MyDoom-BE Worm Harvests Addresses
  • 12/6: Atak-B a Mass-Mailing Worm
  • Soft on the Inside
  • 1/18: Zar Worm Sends Tsunami Email
  • Locking Up All of That 'Free Information'
  • AntiOnline Security Spotlight: CD-Wrecker
  • 3/15: Agobot-QV Worm Hooks to IRC Server
  • Security Camera News