Taken from: http://www.sophos.com/virusinfo/analyses/w32rbotwx.html
Description:
W32/Rbot-WX is a network worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-WX spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system vulnerabilities (including DCOM-RPC, LSASS, WebDAV and UPNP) and using backdoors opened by other worms or Trojans.
W32/Rbot-WX can be controlled by a remote attacker over IRC channels. The backdoor component of W32/Rbot-WX can be instructed by a remote user to perform the following functions:
* start an FTP server
* start a proxy server
* start a web server
* take part in distributed denial of service (DDoS) attacks
* log keypresses
* capture screen/webcam images
* sniff network packets
* scan ports
* download/execute arbitrary files
* start a remote shell (RLOGIN)
The worm copies itself to a file named lsassx.exe in the Windows system folder and creates the following registry entries:
HKCU\Software\Microsoft\OLE\
    Windows Taskmanager = "lsassx.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
    Windows Taskmanager = "lsassx.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
    Windows Taskmanager = "lsassx.exe"
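The registry entries and file name listed above can be checked on a host with a short PowerShell script. This is an added example, not part of the Sophos description; the variable names and the output layout are assumptions, and the indicator values are the ones given above.

```powershell
# Added detection example: look for the persistence entries and the file
# named in the description above. Read-only; nothing is changed or deleted.
$valueName = 'Windows Taskmanager'
$fileName  = 'lsassx.exe'
$keys = @(
    'HKCU:\Software\Microsoft\OLE',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

$findings = @()

foreach ($key in $keys) {
    # A missing key or value is the normal case, so suppress the error
    # and test the result for $null instead.
    $prop = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if ($null -ne $prop) {
        $data = $prop.$valueName
        $findings += [pscustomobject]@{
            Type               = 'Registry'
            Location           = "$key\$valueName"
            Data               = $data
            # True when the value data points at the file name from the description.
            MatchesDescription = ($data -like "*$fileName*")
        }
    }
}

# The description says the worm copies itself into the Windows system folder.
$path = Join-Path ([Environment]::SystemDirectory) $fileName
if (Test-Path -LiteralPath $path) {
    $file = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
    $findings += [pscustomobject]@{
        Type               = 'File'
        Location           = $path
        Data               = "$($file.Length) bytes, created $($file.CreationTimeUtc.ToString('u'))"
        MatchesDescription = $true
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No W32/Rbot-WX registry entries or file from the description were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

The HKCU check only covers the account running the script, so run it once per user profile of interest. On 64-bit Windows, HKLM\Software writes from a 32-bit process are redirected under HKLM\Software\WOW6432Node, so the same value name is worth checking there as well.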
Aliases: Backdoor.Win32.IRCBot.y
Affected operating systems: Microsoft Windows Operating Systems
Side effects:
* Allows others to access the computer
* Reduces system security
* Installs itself in the Registry
* Exploits system or software vulnerabilities
To scan your computer for W32/Rbot-WX, please check ARNIT Free Online Virus scanner at http://www.arnit.net/security/tplarnit.php?page=vscan
