6/12: Rbot-GRB Worm Exploits Multiple Flaws
W32/Rbot-GRB is a worm with IRC backdoor functionality for the Windows platform.
W32/Rbot-GRB runs continuously in the background, providing a backdoor server that allows a remote intruder to gain access and control over the computer via IRC channels.
- to computers vulnerable to common exploits, including: RPC-DCOM (MS04-012), ASN.1 (MS04-007), RealVNC (CVE-2006-2369) and Symantec (SYM06-010)
- to network shares protected by weak passwords
W32/Rbot-GRB includes functionality to
- download, install and run new software.
- terminate processes related to anti-malware software.
More information can be found at this Sophos page.