Spybot.YCL - Attacks 7 major unpatched vulnerabilities or other weak security vulnerabilities
This new version of Spybot has to be one of the most comprehensive attacks I've seen today for this large family of viruses. It attacks weak passwords, uses existing backdoor infections, plus attacks through some of the most prominent security vulnerabilities if a system is unpatched.
1. Attacks several major security vulnerabilities in unpatched Microsoft, Dameware, and Veritas software:
- The Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026).
- The Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011).
- The Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039).
- The Microsoft Windows ntdll.dll Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS03-007).
- The Microsoft Windows SSL Library Denial of Service Vulnerability (described in Microsoft Security Bulletin MS04-011).
- The Microsoft Windows ASN.1 Vulnerability (as described in Microsoft Security Bulletin MS04-007).
- The DameWare Mini Remote Control Server Pre-Authentication Buffer Overflow vulnerability (as described in Bugtraq ID 9213).
- The VERITAS Backup Exec Agent Browser Remote Buffer Overflow Vulnerability (as described here).
2. Spreads over network shares and Microsoft SQL Server using weak usernames and passwords
3. Spreads to compromised computers by using back doors left behind by other malware such as:
- W32.Mydoom@mm
- W32.Beagle@mm
- Backdoor.Netdevil
- Backdoor.Optix
- Backdoor.Subseven