W32/Rbot-WX

Taken from: http://www.sophos.com/virusinfo/analyses/w32rbotwx.html

Description:
W32/Rbot-WX is a network worm and IRC backdoor Trojan for the Windows platform.

W32/Rbot-WX spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.

W32/Rbot-WX can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-WX can be instructed by a remote user to perform the following functions:

    * start an FTP server
    * start a proxy server
    * start a web server
    * take part in distributed denial of service (DDoS) attacks
    * log keypresses
    * capture screen/webcam images
    * sniff packets
    * scan ports
    * download/execute arbitrary files
    * start a remote shell (RLOGIN)

The worm copies itself to a file named lsassx.exe in the Windows system folder and creates the following registry entries:

HKCU\Software\Microsoft\OLE\
Windows Taskmanager=
"lsassx.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Windows Taskmanager=
"lsassx.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Windows Taskmanager=
"lsassx.exe"
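A way to check a host for these entries, as an added example that is not part of the Sophos write-up: the Python function below reads the text output of `reg query` and reports values that match the key, value name and file name listed above. The function names and the sample output are constructed for illustration, and the parser assumes the usual four-space `reg query` column layout.

```python
import re

# Indicators taken from the write-up above: three keys, one value name, one file name.
IOC_KEYS = {
    r"hkcu\software\microsoft\ole",
    r"hklm\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\runservices",
}
IOC_VALUE_NAME, IOC_FILE = "windows taskmanager", "lsassx.exe"
HIVES = {"hkey_current_user": "hkcu", "hkey_local_machine": "hklm"}
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")


def normalise_key(key):
    """Lower-case a key path, drop a trailing backslash, shorten the hive name."""
    key = key.strip().rstrip("\\").lower()
    hive, _, rest = key.partition("\\")
    return HIVES.get(hive, hive) + ("\\" + rest if rest else "")


def find_rbot_wx_entries(reg_query_output):
    """Return (key, value name, data, reason) for each entry matching the indicators."""
    hits, current_key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            current_key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or current_key is None:
            continue
        name, _type, data = m.groups()
        # Compare the file name only, so quoted data or a full path still matches.
        exe = data.strip().strip('"').replace("/", "\\").split("\\")[-1].lower()
        if exe != IOC_FILE:
            continue
        exact = normalise_key(current_key) in IOC_KEYS and name.strip().lower() == IOC_VALUE_NAME
        hits.append((current_key, name, data, "exact match" if exact else "file name only"))
    return hits


# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = r"""HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Taskmanager    REG_SZ    lsassx.exe
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\OLE
    Windows Taskmanager    REG_SZ    lsassx.exe
"""
for hit in find_rbot_wx_entries(SAMPLE):
    print(hit)
```

A "file name only" result means lsassx.exe is referenced from a key or value name other than the ones listed here; the legitimate lsass.exe is not reported.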

Aliases: Backdoor.Win32.IRCBot.y

Affected operating systems: Microsoft Windows Operating Systems

Side effects:
    * Allows others to access the computer
    * Reduces system security
    * Installs itself in the Registry
    * Exploits system or software vulnerabilities

To scan your computer for W32/Rbot-WX, use the ARNIT Free Online Virus Scanner at http://www.arnit.net/security/tplarnit.php?page=vscan
