RBot.MPWE
Category: Trojan
Risk: Severe Risk
* Severe threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction, and exploits are in the wild. There is a high possibility of system damage or a security flaw. An attacker can gain complete control over your computer or install new software on your machine.
Description: RBot.MPWE disguises itself as Windows Media Player. RBot.MPWE can be controlled by a remote attacker over IRC channels. RBot.MPWE spreads using a variety of techniques, including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans. The backdoor component of RBot.MPWE can be instructed by a remote user to perform the following functions: start an FTP server; start a proxy server; start a web server; take part in distributed denial of service (DDoS) attacks; log keypresses; capture screen/webcam images; packet sniffing; port scanning; download/execute arbitrary files; start a remote shell (RLOGIN).
Alias: Rbot-TT
Signatures:
process: mpwe.exe: MD5 Hash: fd6faae9464af5a7ccf..
Copyright @2006 THR Computer Solutions: RBot.MPWE