W32/Kassbot-E is a network worm with a backdoor component. W32/Kassbot-E will send an email to a pre-defined email address containing system information from the infected computer.

W32/Kassbot-E will monitor a user's internet access. When certain internet banking and finance sites are accessed, the worm will redirect the user to a Russian website with fake login pages or email the stolen details to a Russian email address.

W32/Kassbot-E will attempt to spread by exploiting the following vulnerability: LSASS (MS04-011).

W32/Kassbot-E will connect to an IRC server and provide backdoor access to the infected computer.

W32/Kassbot-E will drop and load a DLL named XEE32.DLL. This file is detected as W32/Kassbot-C.

More information can be found at this Sophos page.