
Worm:MSIL/ScodBot.A


First posted on 20 July 2010.
Source: SecurityHome

Aliases :

Worm:MSIL/ScodBot.A is also known as W32/Obfuscated.H!genr (Norman), Worm/ScodBot.A.1 (Avira), Worm.Generic.254551 (BitDefender), Trojan.Siggen1.44033 (Dr.Web), Worm.MSIL (Ikarus), Trj/StartPage.DAW (Panda), Trojan.Win32.Generic.5208D992 (Rising AV), Troj/Agent-NTA (Sophos), Trojan.Win32.Generic!BT (Sunbelt Software).

Explanation :

Worm:MSIL/ScodBot.A is an IRC-controlled worm that can spread through removable drives and allow a remote attacker to gain access to the infected computer in order to carry out various malicious actions.

Spreads via...

Removable drives

Worm:MSIL/ScodBot.A is capable of spreading through removable media such as USB drives, by copying itself to any removable drive it finds on the system.

Payload

Backdoor functionality

Worm:MSIL/ScodBot.A allows unauthorized access and control of an affected machine. The worm can contact an IRC server in order to receive instructions from a remote attacker. Backdoor commands can include actions such as:

  • Disabling the Windows Security Centre settings
  • Disabling security applications
  • Sending bot information
  • Spreading through USB
  • Performing Distributed Denial of Service attacks
  • Downloading and uploading files
  • Killing processes
  • Sending spam emails
  • Modifying the hosts file
  • Spreading through shares


Analysis by Amir Fouda

Last update 20 July 2010

     
