W32/Agobot-FO is an IRC backdoor Trojan and peer-to-peer (P2P) worm which opens TCP ports to listen for and process commands received from a remote intruder.

This worm will move itself into the Windows System32 folder under the filename CTFMOND.EXE, and create the following registry entries so that it can execute automatically on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\

The csrs.exe is an executable file on your computer's hard drive. If you start the software W32/Agobot Worm on your PC, the commands contained in csrs.exe will be executed on your PC. For this purpose, the file is loaded into the main memory (RAM) and runs there as a W32/Agobot Worm process (also called a task).

This worm will search for shared folders on the internet with weak passwords and copy itself into them. This worm can also exploit the DCOM vulnerability on unpatched systems and manipulate registry keys. This worm may attempt to polymorph on install in order to evade detection. W32/Agobot-FO will attempt to terminate anti-virus and software firewall processes, in addition to other viruses, worms or Trojans.

W32/Agobot-FO can sniff HTTP, VULN, ICMP, FTP and IRC network traffic and steal data from them. W32/Agobot-FO can also be used to initiate denial-of-service (DoS) and synflood/httpflood/udpflood attacks against remote systems. This worm will attempt to test the available bandwidth by posting data to the following sites:
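A defender can check the two autostart keys named above for values that launch CTFMOND.EXE or csrs.exe. The following is an added example, not part of the original page: it parses saved `reg query` output, and the sample text and the value names in it are constructed for illustration.

```python
import re

# File names this page associates with W32/Agobot-FO.
SUSPECT_NAMES = {"ctfmond.exe", "csrs.exe"}
# Autostart keys named on the page (reg.exe prints the long hive name).
WATCHED_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# Last path component ending in .exe, with or without quotes or a directory.
EXE_RE = re.compile(r"[^\\/\"\s]+\.exe\b", re.IGNORECASE)

def find_suspect_autoruns(reg_query_output):
    """Return (key, value_name, data) for autostart values launching a suspect file."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().rstrip("\\")
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() not in WATCHED_KEYS:
            continue
        name, _type, data = m.groups()
        # Compare whole file names, so the legitimate ctfmon.exe is not flagged.
        if {e.lower() for e in EXE_RE.findall(data)} & SUSPECT_NAMES:
            hits.append((key, name, data))
    return hits

# Constructed sample of `reg query` output; value names are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Text Input    REG_SZ    C:\WINDOWS\System32\ctfmon.exe
    Config Loader    REG_SZ    C:\WINDOWS\System32\CTFMOND.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    Config Loader    REG_SZ    CTFMOND.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Other    REG_SZ    csrs.exe
"""

if __name__ == "__main__":
    for key, name, data in find_suspect_autoruns(SAMPLE):
        print(f"{key} :: {name} -> {data}")
```

A file-name match is only a triage signal; confirm a hit by checking the file's location, signature and hash before acting on it.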