Category: World-wide News/Products & News
Security Alert: Attack Could Pose a Serious Security Threat: Event Indicates Backdoor Activity (13.07.09)
- Severity: High - This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description: This event indicates backdoor activity associated with the W32.Mydoom.A@mm worm.

Additional Information: W32.Mydoom.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources. In addition, the backdoor can download and execute arbitrary files. The worm will perform a Denial of Service (DoS) starting on

NOTE: This worm is also known as Novarg, Win32.Mydoom.A, Win32/Shimg, or WORM_MIMAIL.R. It has been observed that the worms W32.Gaobot and W32.RXBot are exploiting this issue to propagate.

Affected:
· Microsoft Windows 2000 Advanced Server SP1, SP2, SP3, SP4
· Microsoft Windows 2000 Datacenter Server SP1, SP2, SP3, SP4
· Microsoft Windows 2000 Professional SP1, SP2, SP3, SP4
· Microsoft Windows 2000 Resource Kit
· Microsoft Windows 2000 Server SP1, SP2, SP3, SP4
· Microsoft Windows 2000 Server Japanese Edition
· Microsoft Windows 2000 Terminal Services SP1, SP2, SP3, SP4
· Microsoft Windows 2000 Workstation rev.2031, rev.2072, rev.2195, SP1, SP2, SP3
· Microsoft Windows 95 Build 490.R6, j, SP1, SR2
· Microsoft Windows 98 a, b, j, SP1
· Microsoft Windows 98 With Plus! Pack
· Microsoft Windows 98SE
· Microsoft Windows CE 2.0, 3.0, 4.2
· Microsoft Windows ME
· Microsoft Windows NT 3.5, 3.5.1, 3.5.1 SP1, 3.5.1 SP2, 3.5.1 SP3, 3.5.1 SP4, 3.5.1 SP5, 3.5.1 SP5 alpha, 4.0, 4.0 alpha, 4.0 SP1, 4.0 SP1 alpha, 4.0 SP2, 4.0 SP2 alpha, 4.0 SP3, 4.0 SP3 alpha, 4.0 SP4, 4.0 SP4 alpha, 4.0 SP5, 4.0 SP5 alpha, 4.0 SP6, 4.0 SP6 alpha, 4.0 SP6a, 4.0 SP6a alpha
· Microsoft Windows NT 4.0 Option Pack
· Microsoft Windows NT
· Microsoft Windows NT Server 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
· Microsoft Windows NT Terminal Server 4.0, 4.0 alpha, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
· Microsoft Windows NT Workstation 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
· Microsoft Windows Server 2003 Datacenter Edition SP1, SP1 Beta 1
· Microsoft Windows Server 2003 Datacenter Edition Itanium SP1, SP1 Beta 1
· Microsoft Windows Server 2003 Datacenter x64 Edition
· Microsoft Windows Server 2003
· Microsoft Windows Server 2003
· Microsoft Windows Server 2003
· Microsoft Windows Server 2003 Standard Edition SP1, SP1 Beta 1
· Microsoft Windows Server 2003 Standard x64 Edition
· Microsoft Windows Server 2003 Web Edition SP1, SP1 Beta 1
· Microsoft Windows Vista beta
· Microsoft Windows XP
· Microsoft Windows XP 64-bit Edition SP1
· Microsoft Windows XP 64-bit Edition Version 2003 SP1
· Microsoft Windows XP Embedded SP1
· Microsoft Windows XP Home SP1, SP2
· Microsoft Windows XP
· Microsoft Windows XP Professional SP1, SP2
· Microsoft Windows XP Professional x64 Edition
· Microsoft Windows XP Tablet PC Edition SP1, SP2

Response:
· Manually remove the worm from any infected system.
· Instructions are available at the Symantec Security Response web site.

Possible False Positives: There are no known false positives associated with this signature.

Additional References:
· Symantec Security Response: W32.Gaobot
· Symantec Security Response Writeup: W32 Novarg Worm
· Symantec Security Response: W32.RxBot

(Symantec: ra)
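
A triage check for the backdoor listener described in this alert, as an added example (not Symantec's signature and not code from the original page): it parses `netstat -ano`-style output and reports TCP listeners on ports 3127 through 3198 together with sessions accepted on them. The sample rows, addresses and PIDs are constructed, and the function names are illustrative.

```python
BACKDOOR_PORTS = range(3127, 3199)  # TCP 3127 through 3198, per the alert

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       1844
  TCP    [::]:3130              [::]:0                 LISTENING       1844
  TCP    192.168.1.20:3127      203.0.113.7:51234      ESTABLISHED     1844
  TCP    192.168.1.20:3150      198.51.100.9:80        ESTABLISHED     2210
  UDP    0.0.0.0:3127           *:*                                    700
"""

def port_of(endpoint):
    """Return the port of 'addr:port' or '[v6]:port', or None if not numeric."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def parse_tcp(text):
    """Yield (local, remote, state, pid) for each TCP row; skip all other lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0].upper() == "TCP":
            yield tuple(fields[1:])

def find_backdoor_sockets(text):
    """Report listeners in the backdoor range and sessions accepted on them.

    An outbound client connection may use a local port in this range as an
    ordinary ephemeral source port, so a row is reported only if it is a
    listener or its local port matches a reported listener.
    """
    rows = list(parse_tcp(text))
    listeners = {port_of(local) for local, _, state, _ in rows
                 if state == "LISTENING" and port_of(local) in BACKDOOR_PORTS}
    findings = []
    for local, remote, state, pid in rows:
        if port_of(local) in listeners and state in ("LISTENING", "ESTABLISHED"):
            findings.append({"local": local, "remote": remote,
                             "state": state, "pid": int(pid)})
    return findings

if __name__ == "__main__":
    for hit in find_backdoor_sockets(SAMPLE):
        print(hit)
```

The PID on each reported row identifies the process to examine during the manual removal the Response section calls for.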