high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Included in our products from | December 2004 (3.88) |
| Protection available since | 14 October 2004 13:08:31 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please read the instructions for removing W32/Forbot-BF.
More Information
W32/Forbot-BF is a network worm which attempts to spread via network shares. The worm contains backdoor Trojan functions that allows unauthorised remote access to the infected computer via IRC channels while running in the background.
When run W32/Forbot-BF moves itself to the Windows System folder as lsess.exe and creates the following registry entries so as to run itself either on user logon or computer restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Sysino = lsess.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
Sysino = lsess.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Sysino = lsess.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sysino = lsess.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Sysino = lsess.exe
Once installed, W32/Forbot-BF will attempt to perform the following actions when instructed to do so by a remote attacker:
- setup a SOCKS4 proxy
- setup a HTTP proxy
- delete network shares
- partake in denial of service (DDOS) attacks
- port scan IP addresses
- download and run files from the Internet
W32/Forbot-BF also creates its own service named "irc.aol.com" with the display name "Sysino".
W32/Forbot-BF can spread to unpatched machines affected by the LSASS vulnerability (MS04-011).
The worm will attempt to steal CD keys from the following applications:
Unreal Tournament 2004
Unreal Tournament 2003
The Gladiators
Soldier of Fortune II - Double Helix
Soldiers Of Anarchy
Shogun: Total War: Warlord Edition
Ravenshield
Neverwinter Nights
Need For Speed: Underground
Need For Speed: Hot Pursuit 2
NHL 2003
NHL 2002
Nascar Racing 2003
Nascar Racing 2002
Medal of Honor: Allied Assault
Medal of Honor: Allied Assault: Spearhead
Medal of Honor: Allied Assault: Breakthrough
James Bond 007: Nightfire
Industry Giant 2
IGI2: Covert Strike
Hidden and Dangerous 2
Half-Life
Gunman Chronicles
Global Operations
Freedom Force
FIFA 2003
FIFA 2002
Counter-Strike
Command and Conquer: Tiberian Sun
Command and Conquer: Red Alert2
Command and Conquer: Generals: Zero Hour
Command and Conquer: Generals
Black and White
Battlefield 1942: Vietnam
Battlefield 1942: The Road To Rome
Battlefield 1942: Secret Weapons Of WWII
Battlefield 1942
Yahoo! Pager
AOL Instant Messenger
Microsoft.NET Messenger Service
|
