Backdoor.IRC.Cirebot...installs a backdoor Trojan Horse.

Discussion in 'malware problems & news' started by AplusWebMaster, Aug 3, 2003.

Thread Status:
Not open for further replies.
  1. AplusWebMaster

    AplusWebMaster Registered Member

    Jun 14, 2003
    Philadelphia, PA, USA
    :( FYI...from Symantec:
    "...Backdoor.IRC.Cirebot is a threat which exploits the Microsoft DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) to install a backdoor Trojan Horse on vulnerable systems. Backdoor.IRC.Cirebot consists of a Backdoor component, and a Hacktool component which installs the backdoor on systems which are vulnerable to the exploit.
    Signs of infection: the existence of the files c:\rpc.exe, c:\rpctest.exe, or c:\lolx.exe.
    Signs that a network is being attacked: traffic on port 445 to sequential IP addresses.
    Signs that an attack has succeeded (allowing a remote shell and downloading of the backdoor): port 57005 open; an ftp connection on port 69..."

    - See also this thread:;start=msg77483#msg77483.
Thread Status:
Not open for further replies.