5/22: Rbot-GPL Worm and Backdoor Spreads Multiple Ways
W32/Rbot-GPL is a network worm and IRC backdoor for the Windows platform.
- to computers vulnerable to common exploits, including: SRVSVC (MS06-040), RPC
-DCOM (MS04-012), ASN.1 (MS04-007), RealVNC (CVE-2006-2369) and Symantec (SYM06-010)
- to MSSQL servers protected by weak passwords
- to network shares protected by weak passwords
The following patches for the operating system vulnerabilities exploited by the worm can be obtained from the Microsoft website:
More information can be found at this Sophos page.