Backdoor.IRC.Cirebot...installs a backdoor Trojan Horse.

Discussion in 'malware problems & news' started by AplusWebMaster, Aug 3, 2003.

Thread Status:
Not open for further replies.
  1. AplusWebMaster

    AplusWebMaster Registered Member

    Jun 14, 2003
    Philadelphia, PA, USA
    :( FYI...from Symantec:
    "...Backdoor.IRC.Cirebot is a threat which exploits the Microsoft DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) to install a backdoor Trojan Horse on vulnerable systems. Backdoor.IRC.Cirebot consists of a Backdoor component, and a Hacktool component which installs the backdoor on systems which are vulnerable to the exploit.
    Signs of infection: the existence of the files c:\rpc.exe, c:\rpctest.exe, or c:\lolx.exe.
    Signs that a network is being attacked: traffic on port 445 to sequential IP addresses.
    Signs that an attack has succeeded (allowing a remote shell and downloading of the backdoor): port 57005 open; an ftp connection on port 69..."

    - See also this thread:;start=msg77483#msg77483.
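The signs listed in the quoted description, checked against a constructed connection log and file listing. This is an added example, not part of the original post or of Symantec's write-up; the `src dst dport` record format, the function names, the `min_run` threshold and all sample data are assumptions.

```python
import ipaddress
from collections import defaultdict

# Indicators quoted in the post above.
IOC_FILES = {r"c:\rpc.exe", r"c:\rpctest.exe", r"c:\lolx.exe"}
SCAN_PORT, SHELL_PORT, TRANSFER_PORT = 445, 57005, 69
# Constructed sample data; the "src dst dport" record format is an assumption.
SAMPLE_FLOWS = """\
10.0.0.5 10.0.1.10 445
10.0.0.5 10.0.1.11 445
10.0.0.5 10.0.1.12 445
10.0.0.5 10.0.1.13 445
10.0.0.5 10.0.1.12 57005
10.0.1.12 10.0.0.5 69
10.0.0.8 10.0.2.40 445
10.0.0.8 10.0.2.90 445
"""
SAMPLE_FILES = [r"C:\RPC.EXE", r"C:\Windows\notepad.exe"]

def longest_sequential_run(addrs):
    """Longest run of numerically consecutive addresses in addrs."""
    best, run, prev = 0, 0, None
    for value in sorted({int(a) for a in addrs}):
        run = run + 1 if prev is not None and value == prev + 1 else 1
        best, prev = max(best, run), value
    return best

def analyze_flows(text, min_run=4):
    """Return port-445 sweep sources, hosts contacted on 57005, port-69 flows."""
    targets = defaultdict(list)
    shell_hosts, port69 = set(), []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip malformed records
        src, dst, port = parts[0], parts[1], int(parts[2])
        if port == SCAN_PORT:
            targets[src].append(ipaddress.ip_address(dst))
        elif port == SHELL_PORT:
            shell_hosts.add(dst)
        elif port == TRANSFER_PORT:
            port69.append((src, dst))
    sweeps = {s: longest_sequential_run(d) for s, d in targets.items()}
    sweeps = {s: n for s, n in sweeps.items() if n >= min_run}
    return {"sweeps": sweeps, "shell_hosts": sorted(shell_hosts), "port69": port69}

def ioc_files_present(paths):
    """Case-insensitive match, since Windows paths ignore case."""
    return sorted(p for p in paths if p.lower() in IOC_FILES)
```

A source that only touches scattered port-445 addresses (10.0.0.8 in the sample) stays below `min_run` and is not reported as a sweep.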