
Backdoor:W32/Agobot


First posted on 23 July 2010.
Source: SecurityHome

Aliases :

There are no other names known for Backdoor:W32/Agobot.

Explanation :

A remote administration utility which bypasses normal security mechanisms to secretly control a program, computer or network.

Additional Details :

Agobot is an IRC-controlled backdoor with network spreading capabilities.

When spreading, it can exploit several vulnerabilities:

- RPC/DCOM (MS03-026)
- RPC/Locator (MS03-001)
- WebDAV (MS03-007)

RPC/DCOM and RPC/Locator are used when the worm tries to spread automatically.

Other spreading methods, like the WebDAV exploit, can be activated through IRC commands.

Variant: Agobot.AX
Description: This backdoor variant is functionally similar to the previous variants, but it is more powerful than earlier versions. The description of Agobot.AX is available here: http://www.f-secure.com/v-descs/agobot_ax.shtml

Variant: Agobot.F
Description: The Agobot.f variant was reported by several customers in the beginning of September 2003. This backdoor has functionality similar to previous variants. The description of Agobot.f can be found here: http://www.f-secure.com/v-descs/agobot_f.shtml

Variant: Agobot.P
Description: The Agobot.p variant was reported by several customers in the middle of October 2003. This backdoor has functionality similar to previous variants. The description of Agobot.p can be found here: http://www.f-secure.com/v-descs/agobot_p.shtml

Variant: Agobot.Q
Description: The Agobot.q variant was reported by several customers in the middle of October 2003. This backdoor is a minor variant of Agobot.p, so it has very similar features. The description of Agobot.q can be found here: http://www.f-secure.com/v-descs/agobot_q.shtml

Last update 23 July 2010

 
