Trojan Horses Definitions(r) - Rbot.WindowsUpdate

Rbot.WindowsUpdate

Category: Trojan

Risk: Severe Risk

* Severe threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction, and exploits are in the wild. There is a high possibility of system damage or a security flaw. An attacker has complete control over your computer or can install new software on your machine.

Description: Rbot is the name of a family of remote access tools (RATs), also known as backdoors or worms, used by hackers to control a machine without the owner's knowledge. This group of threats can spread through security exploits, networks, IRC (Internet Relay Chat) servers and sometimes with other malware. Once installed, the RAT allows the attacker to take control of a machine remotely and execute commands. The machine can be used as a spam relay or to participate in a denial of service (DoS) attack. It can spread through networked computers. Some variants of the worm can steal passwords and other data from the infected machine, lower security settings and turn off antivirus programs. Rbot.WindowsUpdate uses file names and registry keys made to look like valid Windows files to deceive victims into thinking they are normal.

Alias: None

Signatures:
process: wuampd.exe

Updated: 02/17/2006
Copyright © 2006 THR Computer Solutions: Rbot.WindowsUpdate