W32/Rbot-GRB is a worm with IRC backdoor functionality for the Windows platform.

W32/Rbot-GRB runs continuously in the background, providing a backdoor server that allows a remote intruder to gain access and control over the computer via IRC channels.

W32/Rbot-GRB spreads:


- to computers vulnerable to common exploits, including: RPC-DCOM (MS04-012), ASN.1 (MS04-007), RealVNC (CVE-2006-2369) and Symantec (SYM06-010)
- to network shares protected by weak passwords

W32/Rbot-GRB includes functionality to
- download, install and run new software.
- terminate processes related to anti-malware software.

More information can be found at this Sophos page.