RBot.win32db
Category: Trojan
Risk:
Severe Risk
* Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Description: RBot.win32db is a member of the large RBot family of remote access tools, also known as backdoors or worms, used by hackers to control a machine without the owner's knowledge. This group of threats can spread through security exploits, networks, IRC (Internet Relay Chat) servers and sometimes with other malware. Once installed, RBOT will set itself to run on Windows startup, using names that seem to be Windows Related. RBOT allows the attacker to take control of a machine remotely and execute commands. The machine can be used as a spam relay or to participate in a denial of service (DOS) attack.RBOT can spread through networkked computers. Rbot.win32db has the following characteristics according to (http://www.malwareblog.com/?p=153) Registry - "Run" key NTSF MICROSOFT SYSTEM c:\windows\system32\win32db.exe Propagation - Attacks other hosts on port 135. Connects to IRC server @ 62.75.221.108:6667
Alias: None
Signatures:
process: win32db.exe: MD5 Hash: 6743fa300484285f284..
Copyright @2006 THR Computer Solutions: RBot.win32db