W32.Spybot.Worm

W32.Spybot.Worm Aliases and Variants

W32.Spybot.Worm is a detection for a family of worms that spreads using the Kazaa file-sharing network and mIRC. This worm can also spread to computers that are compromised by common back door Trojan horses and on network shares protected by weak passwords.
W32.Spybot.Worm can perform various actions by connecting to a configurable IRC server and joining a specific channel to listen for instructions.

W32.Spybot.Worm Exploits


W32.Spybot.Worm also spreads by exploiting the following vulnerabilities:

* Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability using TCP port 135.
* Microsoft Windows LSASS Buffer Overrun Vulnerability.
* Microsoft SQL Server 2000 or MSDE 2000 audit using UDP port 1434.
* Microsoft Windows WebDAV Buffer Overflow Vulnerability using TCP port 80.
* Microsoft UPnP NOTIFY Buffer Overflow Vulnerability.
* Microsoft Workstation Service Buffer Overrun Vulnerability using TCP port 445. Windows XP users are protected against this vulnerability if the patch in Microsoft Security Bulletin MS03-043 has been applied. Windows 2000 users must apply the patch in Microsoft Security Bulletin MS03-049.
* Microsoft Windows SSL Library Denial of Service Vulnerability.
* VERITAS Backup Exec Agent Browser Remote Buffer Overflow Vulnerability.
* Microsoft Windows Plug and Play Buffer Overflow Vulnerability.
* Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability.
* Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability.
* Symantec Client Security and Symantec AntiVirus Elevation of Privilege.

| Threat Alias | Number of Incidents |
| --- | --- |
| W32/Sdbot.worm [McAfee] | 501 |
| Generic.dx [McAfee] | 365 |
| Mal/Generic-A [Sophos] | 259 |
| Backdoor.Win32.Rbot.gen [Kaspersky Lab] | 252 |
| Win32/IRCBot.worm.variant [AhnLab] | 223 |
| W32/Sdbot.worm.gen.g [McAfee] | 204 |
| Backdoor:Win32/Rbot [Microsoft] | 198 |
| W32/Sdbot.worm.gen.a [McAfee] | 181 |
| Backdoor.IRCBot!sd6 [PC Tools] | 164 |
| Trojan.Win32.Crypt [Ikarus] | 163 |
| Trojan.Win32.Crypt.aqt [Kaspersky Lab] | 160 |
| Worm.Akbot.Gen [PC Tools] | 131 |
| Virus.Win32.Rbot [Ikarus] | 124 |
| Backdoor.Rbot [Ikarus] | 120 |
| W32/Sdbot.worm.gen.x [McAfee] | 117 |
| Worm:Win32/Pushbot.gen [Microsoft] | 117 |
| Generic PWS.y [McAfee] | 114 |
| Backdoor:Win32/Rbot.gen [Microsoft] | 113 |
| WORM_SPYBOT.GEN [Trend Micro] | 111 |
| W32/Rbot-GSL [Sophos] | 109 |
| Worm.Rbot.MCG [PC Tools] | 106 |
| Virus.Win32.IRCBot.BSX [Ikarus] | 95 |
| WORM_RBOT.GEN-1 [Trend Micro] | 81 |
| Trojan.Crypt!sd6 [PC Tools] | 80 |
| W32/Virut.gen [McAfee] | 79 |
| WORM_RBOT.GEN [Trend Micro] | 79 |
| Backdoor.SpyBoter [PC Tools] | 78 |
| BKDR_RBOT.ASA [Trend Micro] | 75 |
| Win-Trojan/Xema.variant [AhnLab] | 71 |
| Generic BackDoor [McAfee] | 65 |
| Backdoor.Rbot!sd5 [PC Tools] | 64 |
| Troj/Agent-JKY [Sophos] | 64 |
| Worm.RBot.Gen.14 [PC Tools] | 63 |
| Backdoor.Win32.Rbot.aeu [Kaspersky Lab] | 62 |
| Backdoor.Win32.SdBot.eba [Kaspersky Lab] | 61 |
| WORM_SDBOT.GAV [Trend Micro] | 61 |
| W32/Sdbot.worm.gen.h [McAfee] | 60 |
| Backdoor.Win32.Rbot.aea [Kaspersky Lab] | 59 |
| Backdoor.Win32.Rbot.aus [Kaspersky Lab] | 57 |
| Virus.Win32.Virut.n [Kaspersky Lab] | 57 |
| VirTool:Win32/CeeInject.gen!J [Microsoft] | 56 |
| Packed/Themida [PC Tools] | 54 |
| W32/Sdbot.worm.gen [McAfee] | 54 |
| W32/Virut.gen.a [McAfee] | 53 |
| Trojan:Win32/Ircbrute [Microsoft] | 51 |
| W32/Sdbot.worm.gen.ci [McAfee] | 49 |
| Worm.RBot.Gen.16 [PC Tools] | 49 |
| Backdoor.Win32.IRCBot.gen [Kaspersky Lab] | 48 |
| Mal/Behav-285 [Sophos] | 46 |
| New Malware.bl [McAfee] | 46 |
| Mal/Packer [Sophos] | 45 |
| VirTool.Win32.CeeInject [Ikarus] | 42 |
| Backdoor.IRCBot!sd5 [PC Tools] | 41 |
| Win32.Virut.Gen [PC Tools] | 41 |
| Backdoor.Win32.EggDrop.v [Kaspersky Lab] | 40 |
| AdWare.BHO [Ikarus] | 39 |
| Backdoor.SdBot!sd5 [PC Tools] | 39 |
| Backdoor.Win32.SdBot [Ikarus] | 39 |
| Win32/IRCBot.worm.Gen [AhnLab] | 39 |
| Backdoor:Win32/Poebot.gen [Microsoft] | 38 |
| Worm.IRCBot.UXP [PC Tools] | 38 |
| W32/Gaobot.worm.gen.u [McAfee] | 37 |
| Backdoor.Rbot.Gen [PC Tools] | 35 |
| Generic BackDoor.k [McAfee] | 35 |
| Generic Downloader.x [McAfee] | 34 |
| Win32.Virut.Gen.4 [PC Tools] | 34 |
| Backdoor.Rbot [PC Tools] | 33 |
| Backdoor.Win32.IRCBot [Ikarus] | 33 |
| W32/Sdbot.worm.gen.ca [McAfee] | 33 |
| PE_VIRUT.AV [Trend Micro] | 32 |
| W32/Spybot.worm.gen [McAfee] | 32 |
| Worm.Kolab.xc [PC Tools] | 32 |
| Worm.RBot.UPX [PC Tools] | 32 |
| Net-Worm.Win32.Kolab [Ikarus] | 31 |
| WORM_GAOBOT.DF [Trend Micro] | 31 |
| Backdoor.Win32.Ciadoor.gn [Kaspersky Lab] | 30 |
| StartPage-KG [McAfee] | 29 |
| TROJ_XPACK.TY [Trend Micro] | 29 |
| Backdoor.Win32.SdBot.aad [Kaspersky Lab] | 28 |
| BKDR_MYBOT.AH [Trend Micro] | 28 |
| Exploit-DcomRpc.gen [McAfee] | 28 |
| New Malware.b [McAfee] | 28 |
| Trojan-Dropper.Agent [Ikarus] | 28 |
| Backdoor.Win32.Rbot.bqj [Kaspersky Lab] | 27 |
| Trojan.Win32.Buzus [Ikarus] | 27 |
| W32/Sdbot.worm.gen.ax [McAfee] | 26 |
| Net-Worm.Win32.Kolab.bdk [Kaspersky Lab] | 25 |
| PE_VIRUT.D [Trend Micro] | 25 |
| W32/Sdbot.worm.gen.as [McAfee] | 25 |
| Worm.Rbot.ABCC [PC Tools] | 24 |
| Trojan.Obfuscated.QB [PC Tools] | 23 |
| Trojan.Win32.Obfuscated.hf [Kaspersky Lab] | 23 |
| Mal/EncPk-DM [Sophos] | 22 |
| Virus.Win32.Virut.av [Kaspersky Lab] | 22 |
| Virus.Win32.Virut.q [Kaspersky Lab] | 22 |
| Worm.RBot.Gen.23 [PC Tools] | 22 |
| Backdoor.SdBot [PC Tools] | 21 |
| Packed.Win32.Black.a [Kaspersky Lab] | 21 |
| Trojan-Downloader.Win32.Agent.bl [Kaspersky Lab] | 21 |
| W32/IRCbot.gen.a [McAfee] | 21 |