Taken From: http://www.sophos.com/virusinfo/analyses/w32forbotcl.html
Name
* W32/Forbot-CL
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Steals information
* Reduces system security
* Installs itself in the Registry
* Exploits system or software vulnerabilities
Aliases
* Backdoor.Win32.Wootbot.gen
* W32/Sdbot.worm.gen
* WORM_WOOTBOT.CN
Detailed Description:
W32/Forbot-CL is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Forbot-CL copies itself to the Windows system folder as MQGUARD.EXE.
W32/Forbot-CL also creates its own service named "Win32" with display name "Windows Network Controller".
W32/Forbot-CL attempts to spread to network machines using various exploits including the LSASS vulnerability (see MS04-011). The worm may also spread via IRC channels.
W32/Forbot-CL may act as a proxy, delete network shares and steal keys for various software products.
For a complete system scan, virus detection and removal, please check out ARNIT FREE Online Virus Scanner at: http://www.arnit.net/security/tplarnit.php?page=vscan
For removal instruction please check out ARNIT Security Advisories at: http://www.arnit.net/security/sectips.php?platform=windows
Name
* W32/Forbot-CL
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Steals information
* Reduces system security
* Installs itself in the Registry
* Exploits system or software vulnerabilities
Aliases
* Backdoor.Win32.Wootbot.gen
* W32/Sdbot.worm.gen
* WORM_WOOTBOT.CN
Detailed Description:
W32/Forbot-CL is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Forbot-CL copies itself to the Windows system folder as MQGUARD.EXE.
W32/Forbot-CL also creates its own service named "Win32" with display name "Windows Network Controller".
W32/Forbot-CL attempts to spread to network machines using various exploits including the LSASS vulnerability (see MS04-011). The worm may also spread via IRC channels.
W32/Forbot-CL may act as a proxy, delete network shares and steal keys for various software products.
For a complete system scan, virus detection and removal, please check out ARNIT FREE Online Virus Scanner at: http://www.arnit.net/security/tplarnit.php?page=vscan
For removal instruction please check out ARNIT Security Advisories at: http://www.arnit.net/security/sectips.php?platform=windows
on October 13, 2007, 6:53 am
http://vidca.ruiwnovacanoak.com.cn/
http://allievolesbichesexgratistetten.bbuyriassuntosantagw.org.cn/
http://programmipercrearedeckstopebookletteraturaeroticascaricabili.xzrfign
orarleh.com.cn/
http://fotopompinigayarchiviosuperdotatiperadultigratis.xzrfignorarleh.com.
cn/
http://fotografiepornograficheamatorialiesibizionistisexy.paepoperasantagos
tinc.cn/
http://cartonisexysessocavallivogliosi.dxiacanoaprezzob.com.cn/
http://fotoartistichdonndonnematureculimoscifoto.jefzgraziosod.cn/
http://pompinidocgratissolofotoamatorialierotiche.dxiacanoaprezzob.com.cn/
http://bocchinistupendiannunciuominisuperdotati.kikqignotaq.cn/
http://wwwvideopornoorgeudine.kikqignotaq.cn/
http://pornografialuoghiincontroscambisticoppieluoghiesibizionistitorino.bb
uyriassuntosantagw.org.cn/
http://suocer.ruiwnovacanoak.com.cn/
http://immagini.ruiwnovacanoak.com.cn/
http://omegaseamasteraquaterraslideshowmaddalenacorvagliacalendario.xzrfign
orarleh.com.cn/
http://raccontidiorgetradonneeuominifotoficheincollant.jefzgraziosod.cn/
http://donneconlecosceapertebrasilianinudi.jefzgraziosod.cn/
http://vederevideocontroiepienedisborraimbarazzatoragazzefottilo.bbuyriassu
ntosantagw.org.cn/
http://britneyspearssexfotofamme.dxiacanoaprezzob.com.cn/
http://videohardpercellularinegresex.bbuyriassuntosantagw.org.cn/
http://sconfinatofighetteamorenicerfighetta.paepoperasantagostinc.cn/