donk-d now randex via irc.

Discussion in 'malware problems & news' started by bigc73542, Oct 20, 2003.

Thread Status:
Not open for further replies.
  1. bigc73542

    bigc73542 Retired Moderator

    Sep 21, 2003
    SW. Oklahoma
    In the wake of Donk-D come the Randex worms
    [PC Pro] 17:09

    Following in the recent wake of Donk-D come reports of more network worms, according to anti-virus specialist Sophos.
    Like the Donk worm, the Randex variants are network worms with backdoor capabilities. Potentially, this allows a remote attacker to control an infected computer. Whereas Donk exploited the now-familiar vulnerabilities in the Windows RPCSS service, the Randex worms work via the IRC (Internet Relay Chat) channels that underpin instant messaging.

    When first run, Randex-Q copies itself to the Windows system folder as Musirc4.71.exe. Randex-I, by contrast, copies itself to the same folder as msnv32.exe. Subsequently, the worms try to connect to remote IRC servers and they will also run in the background listening for commands to execute.

    While Sophos has received several reports of Randex-Q in the wild, there has been just one report of Randex-I. An indication, perhaps, of the relative virulence of the worms.

    You can find more information on Randex-I on the Sophos website. And ditto for Randex-I.

    Alun Williams

    sorry should have posted under worms. :oops: