The Web    Google
9/22: Agobot-XJ Worm Exploits Mic Flaws

9/22: Agobot-XJ Worm Exploits Mic Flaws
September 22, 2004

Worm_Agobot.XJ is a memory-resident worm that is another variant of the AGOBOT family that exploits several Microsoft vulnerabilities. They are discussed in the following pages:

  • Microsoft Security Bulletin MS01-059
  • Microsoft Security Bulletin MS02-061
  • Microsoft Security Bulletin MS03-026
  • Microsoft Security Bulletin MS03-007
  • Microsoft Security Bulletin MS04-011

    It can also use the backdoor capabilities of some malware to propagate into accessible systems.

    This worm propagates through network shares, and drops a copy of itself as SYSCONF.EXE in the Windows system folder. It uses a list of user names and passwords to gain access to shared folders.

    It acts as a server program controlled by an Internet Relay Chat (IRC) bot, thus capable of certain backdoor activities. It is also capable of stealing the CD keys of popular Windows-based applications and terminating certain programs. This worm also is capable of launching denial of service (DDoS) attacks.

    It runs on Windows NT, 2000 and XP.

    Technical details are at Trend Micro page.

  • China Backs Down on WAPI Deadline
  • 1/10: VBS/Mcon-G Worm Spreads Via IRC
  • ActivCard Enhances Authentication for Remote Access Over Web
  • 3/1: Bagle-BE Worm a 'Medium Risk Alert'
  • Botnets: Who Really ''Owns'' Your Computers?
  • 5/20: Mytob-EU Worm Drops Copy
  • 5/19: Viperik-A Trojan Deletes Files & Info
  • Symantec Offers Enhanced Portal for Enterprises
  • AntiOnline Spotlight: Network Security Made Easy?
  • 7/23: Dluca-CQ an Adware Application
  • Home Users: IT's Cross to Bear
  • Security Camera Companies and products