WORM_IRCBOT.ABJ
Windows 98, ME, NT, 2000, XP, Server 2003
Type of threat:
Worm
Destructive?:
No
Encrypted?:
No
In the wild:
Yes
Overview and description
For a comprehensive view of this worm's behavior, refer to the threat diagram shown below.

It may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites.
It uses certain lists of user names and passwords to access password-protected shared folders. It exploits software vulnerabilities to propagate to other computers on the network.
It listens on ports. It executes commands from a malicious remote user, compromising the affected system.
It launches certain flood attacks against target sites. It performs this routine so that users cannot access those sites at a given time.
It steals CD keys, serial numbers and/or product IDs of certain programs. The stolen information can be used for the benefit of the cybercriminals who gain access to it. It logs a user's keystrokes to steal information.
Technical details
Arrival details
It may be downloaded by other malware/grayware/spyware from remote sites.
It may be unknowingly downloaded by a user while visiting malicious websites.
Installation
Drops the following copies of itself into the affected system:
- %System%\windowsupdate.exe
(Note: %System% is the Windows system folder, usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP and Server 2003.)
Autostart technique
Adds the following registry entries to enable its automatic execution at every system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Firewall Updater = windowsupdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Windows Firewall Updater = windowsupdate.exe
Other system modifications
Adds the following registry entries as part of its installation routine:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- AllowUnqualifiedQuery = 0
- PrioritizeRecordData = 1
- TCP1320Opts = 3
- KeepAliveTime = dword:00023280
- BcastQueryTimeout = dword:000002ee
- BcastNameQueryCount = dword:00000001
- CacheTimeout = dword:0000ea60
- Size/Small/Medium/Large = dword:00000003
- LargeBufferSize = dword:00001000
- SynAckProtect = dword:00000002
- PerformRouterDiscovery = dword:00000000
- EnablePMTUBHDetect = dword:00000000
- FastSendDatagramThreshold = dword:00000400
- StandardAddressLength = dword:00000018
- DefaultReceiveWindow = dword:00004000
- DefaultSendWindow = dword:00004000
- BufferMultiplier = dword:00000200
- PriorityBoost = dword:00000002
- IrpStackSize = dword:00000004
- IgnorePushBitOnReceives = dword:00000000
- DisableAddressSharing = dword:00000000
- AllowUserRawAccess = dword:00000000
- DisableRawSecurity = dword:00000000
- DynamicBacklogGrowthDelta = dword:00000032
- FastCopyReceiveThreshold = dword:00000400
- LargeBufferListDepth = dword:0000000a
- MaxActiveTransmitFileCount = dword:00000002
- MaxFastTransmit = dword:00000040
- OverheadChargeGranularity = dword:00000001
- SmallBufferListDepth = dword:00000020
- SmallerBufferSize = dword:00000080
- TransmitWorker = dword:00000020
- DNSQueryTimeouts = {hex values}
- DefaultRegistrationTTL = dword:00000014
- DisableReplaceAddressesInConflicts = dword:00000000
- DisableReverseAddressRegistrations = dword:00000001
- UpdateSecurityLevel = dword:00000000
- DisjointNameSpace = dword:00000001
- QueryIpMatching = dword:00000000
- NoNameReleaseOnDemand = dword:00000001
- EnableDeadGWDetect = dword:00000000
- EnableFastRouteLookup = dword:00000001
- MaxFreeTcbs = dword:000007d0
- MaxHashTableSize = dword:00000800
- SackOpts = dword:00000001
- Tcp1323Opts = dword:00000003
- TcpMaxDupAcks = dword:00000001
- TcpRecvSegmentSize = dword:00000585
- TcpSendSegmentSize = dword:00000585
- DefaultTTL = dword:00000030
- TcpMaxHalfOpen = dword:0000004b
- TcpMaxHalfOpenRetried = dword:00000050
- TcpTimedWaitDelay = dword:00000000
- MaxNormLookupMemory = dword:00030d40
- FFPControlFlags = dword:00000001
- FFPFastForwardingCacheSize = dword:00030d40
- MaxForwardBufferMemory = dword:00019df7
- MaxFreeTWTcbs = dword:000007d0
- GlobalMaxTcpWindowSize = dword:0007d200
- EnablePMTUDiscovery = dword:00000001
- ForwardBufferMemory = dword:00019df7
HKEY_CURRENT_USER\Software\Microsoft\OLE
- Windows Firewall Updater = windowsupdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
- EnableRemoteConnect = N
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
- AutoShareServer = 0
- AutoShareWks = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
- Start = dword:00000004
Creates the following registry entry(ies) to bypass the Windows Firewall:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
C:\WINDOWS\System32\windowsupdate.exe = C:\WINDOWS\System32\windowsupdate.exe:*:Enabled:Windows Firewall Updater
Propagation
Uses the following lists of user names and passwords to access password-protected shared folders:
- Administrator
- administrator
- administrador
- administrateur
- administrat
- admins
- admin
- staff
- computer
- owner
- student
- teacher
- wwwadmin
- guest
- default
- database
- oracle
- ADMINISTRATOR
- Administrator
- administrator
- fubar
- GUEST
- ADMIN
- PASSWORD
- SHARE
- ladeda
- FILES
- OWNER
- Owner
- ACCESS
- BACKUP
- SYSTEM
- SERVER
- pepsi
- LOCAL
- linux
- changeme
- Changeme
- temp123
- 12345
- 123456
- 1234567
- 12345678
- 123456789
- 654321
- 54321
- 11111111
- 88888888
- passwd
- database
- abc123
- oracle
- sybase
- 123qwe
- computer
- Internet
- super
- 123asd
- ihavenopass
- godblessyou
- enable
- 111111
- 121212
- 123123
- 1234qwer
- 123abc
- alpha
- patrick
- foobar
- Nilez
- devil
- netdevil
- net-devil
- 0wned
- owned
- irule
- netfuck
- fucked
- crash
- test123
- secret
- login
- mypc123
- admin123
- pw123
- mypass
- mypass123
- Matthew
- satan
- satanik
- satanic
- spaceman
- heaven
- 0wn3d
- killer
- hacker
- hax0r
- script
- scriptkiddie
- kiddie
- uwontguessme
- youwontguessme
- guessme
- xxxxx
- xxxxxx
- xxxxxxx
- xxxxxxxx
- xxxxxxxxx
- death
- testing
- 00000
- 000000
- academia
- academic
- accept
- account
- action
- adrian
- adrianna
- adult
- aerobics
- airplane
- alaska
- albany
- albatros
- albert
- alert
- alexande
- algebra
- alias
- aliases
- alice
- alicia
- alisa
- alison
- allison
- allow
- alphabet
- amadeus
- amanda
- amber
- america
- amorphou
- analog
- anarchis
- anarchy
- anchor
- andrea
- android
- andromac
- angela
- angerine
- angie
- animal
- animals
- anita
- annette
- anonymou
- answer
- anthrax
- anthropo
- anvils
- anything
- apollo13
- april
- ariadne
- arlene
- arrow
- arthur
- artist
- asian
- asshole
- athena
- atmosphe
- attack
- authoriz
- aztecs
- azure
- bacchus
- backdoor
- badass
- bailey
- banana
- bananas
- bandit
- banks
- barbara
- barber
- baritone
- bartman
- baseball
- basic
- bassoon
- batch
- batman
- beach
- beammeup
- beast
- beater
- beauty
- beaver
- becky
- beethove
- begin
- behead
- beloved
- beowulf
- berkeley
- berlin
- berliner
- beryl
- betsie
- betty
- beverly
- bible
- bicamera
- bigfoot
- binary
- bishop
- bitch
- bitmap
- bitnet
- black
- blonde
- blondie
- blood
- bloodaxe
- blowjob
- blues
- board
- boner
- boobs
- boyscout
- bradley
- brandi
- brandy
- bravo
- break
- breast
- brenda
- brian
- bridget
- broadway
- brothel
- brunette
- brute
- brutefor
- bulls
- bullshit
- bumbling
- burgess
- butch
- butthead
- californ
- camille
- campanil
- camping
- candi
- candy
- cantor
- captain
- capture
- cardinal
- caren
- carla
- carmen
- carol
- carole
- carolina
- caroline
- carrie
- carson
- cascades
- castle
- catherin
- catholic
- cathy
- cayuga
- cecily
- celtic
- celtics
- cerulean
- change
- charity
- charles
- charlie
- charming
- charon
- chemistr
- chess
- chester
- chris
- christin
- christy
- cigar
- cigarett
- cindy
- class
- classes
- classic
- claudia
- claymore
- cleavage
- clinton
- cluster
- clusters
- coast
- cocacola
- cocainco
- codename
- codeword
- coffee
- collins
- color
- combat
- comics
- commit
- commrade
- company
- computin
- comrade
- comrades
- condo
- condom
- connect
- connie
- conserva
- console
- continue
- cookbook
- cookie
- cooper
- copper
- corneliu
- correct
- counters
- country
- couscous
- cowboy
- crack
- crackpot
- cream
- create
- creation
- creature
- credit
- creosote
- cretin
- crime
- criminal
- cristina
- crystal
- cshrc
- customer
- cyber
- cyberpun
- cyberspa
- cynthia
- daemon
- daisy
- dancer
- daniel
- danielle
- danny
- dapper
- darkaven
- deathsta
- debbie
- deborah
- debug
- december
- default
- DEFAULT
- defoe
- delta
- deluge
- democrat
- denise
- dennis
- desiree
- desktop
- desperat
- develop
- device
- diamond
- diana
- diane
- diehard
- dieter
- digital
- dinosaur
- dipshit
- direct
- director
- dirty
- discipli
- disclose
- discover
- diskette
- disney
- display
- doctor
- dollar
- doom2
- doomii
- doomsday
- doonesbu
- doors
- download
- dragon
- drdoom
- drive
- drought
- duelist
- dulce
- duncan
- dungeon
- eager
- eagle
- earth
- easier
- eatme
- eddie
- edges
- edinburg
- edition
- education
- educatio
- edwin
- edwina
- egghead
- eiderdow
- eileen
- einsiein
- einstein
- elaine
- elanor
- electron
- elephant
- elizabet
- ellen
- emerald
- emily
- emmanuel
- enemy
- engine
- engineer
- england
- english
- enter
- enterpri
- enzyme
- erenity
- erica
- erika
- erotic
- ersatz
- establis
- estate
- eternity
- euclid
- evelyn
- expert
- explode
- explore
- explorer
- explosiv
- extensio
- fairway
- faith
- falcon
- false
- family
- farad
- faraday
- felicia
- fender
- fermat
- ferrari
- fidelity
- field
- fight
- finite
- firewall
- fishers
- flakes
- float
- florida
- flower
- flowers
- foolproo
- football
- force
- foresigh
- forever
- format
- fornicat
- forsythe
- fourier
- foxtrot
- france
- frank
- freak
- freedom
- french
- friday
- friend
- friends
- frighten
- fryguy
- fucker
- fucking
- fuckme
- fuckyou
- fudge
- function
- fungible
- gabriel
- games
- gardner
- garfield
- gateway
- gatherin
- gauss
- george
- gertrude
- ghost
- gibson
- gigabyte
- ginger
- glacier
- golden
- golfer
- gorgeous
- gorges
- gosling
- gouge
- govermen
- grades
- graham
- grahm
- grand
- grant
- great
- green
- group
- gryphon
- guardian
- gucci
- guess
- guitar
- gumption
- guntis
- hacked
- hagar
- hallowee
- hamlet
- hamster
- handel
- handily
- handjob
- happenin
- hardcore
- harddriv
- harmony
- harold
- harvey
- haven
- hawaii
- headbang
- heathen
- heather
- hebrides
- heidi
- heinlein
- hello
- herbert
- heroin
- hewlett
- hexadeci
- hiawatha
- hibernia
- hidden
- highland
- hitler
- holly
- hollywoo
- homepage
- homer
- homework
- honey
- hooker
- hooters
- horny
- horrible
- horror
- horse
- horus
- hotdog
- hotel
- hunter
- hutchins
- hydrogen
- hyper
- hypertxt
- icecream
- illumina
- image
- imbrogli
- immortal
- imperial
- include
- india
- indian
- indiana
- indians
- ingres
- ingress
- ingrid
- innocuou
- input
- inside
- integer
- invent
- irene
- irishman
- jackie
- janet
- janice
- janie
- japan
- jasmin
- jeanne
- jenni
- jennifer
- jenny
- jerry
- jerusale
- jessica
- jester
- jewelry
- jixian
- joanne
- johndoe
- johnny
- joseph
- joshua
- journal
- joyce
- judith
- juggle
- juicy
- julia
- julie
- juliet
- jupiter
- karen
- karie
- karina
- katana
- kathleen
- kathrine
- kathy
- katina
- katrina
- kelly
- kermit
- kernel
- kerri
- kerrie
- kerry
- kevin
- keybord
- keyin
- keyword
- killthem
- kimberly
- kirkland
- kissmyas
- kitten
- klingon
- knife
- knight
- knightma
- known
- krista
- kristen
- kristi
- kristie
- kristin
- kristine
- kristy
- ladies
- ladle
- lakers
- lambda
- laminati
- laptop
- larkin
- larry
- laser
- laura
- lazarus
- lazer
- lebesgue
- leftwing
- legal
- leland
- leroy
- lesbian
- leslie
- letmein
- lewis
- lexluthe
- liberal
- library
- licker
- light
- lightsab
- limbaugh
- limited
- linda
- literatu
- lockout
- lockword
- logic
- loginwor
- logout
- lolopc
- loose
- lorin
- lorraine
- loser
- louis
- lovebug
- lover
- lucus
- lynne
- machine
- macintos
- macro
- maggot
- magic
- magnet
- maint
- malcolm
- malcom
- manager
- marci
- marcy
- maria
- mariens
- marietta
- marijuan
- marines
- markus
- marni
- marriage
- marty
- marvin
- mason
- master
- maurice
- meagan
- megabyte
- megadeth
- megan
- melissa
- mellon
- melrose
- member
- memory
- menace
- mercury
- merlin
- metal
- metalhea
- metalica
- michael
- michel
- michelan
- michele
- michelle
- mickey
- micro
- microchi
- micropro
- microsof
- midieval
- minimum
- minsky
- misfit
- mission
- modem
- mogul
- moguls
- monday
- monica
- moose
- morley
- morris
- mortal
- mortalco
- mortgage
- mosaic
- mountain
- mouse
- movie
- movies
- mozart
- msdos
- muppets
- mutant
- nagel
- nancy
- napoleon
- nepenthe
- neptune
- netscape
- network
- newborn
- newsgrou
- newton
- newyork
- nicole
- nicotine
- night
- nightmar
- nintendo
- nnaacp
- noble
- nobody
- noreen
- notes
- novel
- november
- noxious
- nuclear
- nukem
- number
- nutritio
- nyquist
- obscurit
- oceanogr
- ocelot
- office
- oldage
- olivetti
- olivia
- omega
- opening
- openlock
- opensesa
- operator
- orient
- orwell
- oscar
- osiris
- outdoors
- outlaw
- output
- outside
- oxford
- pacific
- packard
- packer
- painless
- paint
- pakistan
- pamela
- paper
- papers
- pascal
- passphra
- paste
- patricia
- patriot
- patty
- paula
- peanuts
- pecker
- pencil
- penelope
- penguin
- penis
- penname
- pentagon
- pentagra
- penthous
- pentium
- peoria
- pepper
- percolat
- perfect
- permit
- persimmo
- persona
- pervert
- peter
- philip
- phoenix
- phone
- photon
- phrack
- phrase
- phreak
- phuck
- pierre
- pinname
- pizza
- plane
- playboy
- plover
- pluto
- plymouth
- poetry
- police
- polly
- polynomi
- ponderin
- porno
- porsche
- poster
- power
- praise
- precious
- prelude
- presto
- prince
- princeto
- printer
- private
- privs
- proceed
- processo
- professo
- profile
- program
- prompt
- protect
- protozoa
- psycho
- psychopa
- public
- pumpkin
- puneet
- punisher
- puppet
- pussy
- quebec
- qwert
- qwerty
- rabbit
- rachel
- rachelle
- rachmani
- rainbow
- raindrop
- raleigh
- random
- rascal
- razor
- reagan
- reality
- really
- reaper
- rebal
- rebecca
- rebel
- record
- reddawn
- redhead
- referenc
- regional
- release
- remote
- renee
- report
- republic
- resistan
- reveal
- rhino
- riffraff
- right
- rightwin
- ripple
- roach
- robert
- robin
- robot
- robotics
- robyn
- rochelle
- rocheste
- rocky
- rockyhor
- rodent
- rolex
- romano
- romeo
- romulan
- ronald
- rosebud
- rosemary
- roses
- rough
- rubber
- ruben
- rules
- running
- salami
- samantha
- sample
- sandra
- sandy
- sarah
- saturday
- saturn
- saxon
- scamper
- scheme
- school
- schoolsucks
- scifi
- scorpion
- scott
- scotty
- scout
- search
- security
- sensor
- sentinel
- sentry
- serenity
- serial
- service
- sesame
- shannon
- sharc
- shark
- sharks
- sharon
- sheffiel
- sheldon
- shell
- sherri
- shift
- shirley
- shitpot
- shiva
- shivers
- short
- shuttle
- sierra
- signatur
- silver
- simcity
- simon
- simple
- simpsons
- simulati
- singer
- single
- skull
- slave
- slick
- sliders
- small
- smart
- smile
- smiles
- smooch
- smother
- snach
- snafu
- snake
- snatch
- snoopy
- social
- socrates
- sodomy
- software
- somebody
- sondra
- sonia
- sonic
- sonya
- sossina
- source
- south
- spaceshi
- sparrows
- spear
- spell
- spice
- spider
- spiderma
- spred
- spring
- springer
- spunk
- squires
- stacey
- staci
- stacie
- stacy
- starship
- start
- startrek
- startup
- starwars
- steak
- steal
- steel
- steph
- stephani
- stereo
- steve
- stoneage
- stoned
- stones
- strange
- strangle
- stratfor
- streetfi
- string
- strip
- student
- stuttgar
- subscrib
- subway
- success
- suckmydi
- sucks
- summer
- sunday
- superman
- superson
- supersta
- superuse
- supervis
- support
- supporte
- surfer
- surfing
- susan
- susanne
- susie
- suzanne
- suzie
- swearer
- sweat
- switch
- sword
- sybil
- symmetry
- sysadmin
- sysop
- tabasco
- tamara
- tamie
- tammy
- tangerin
- tango
- target
- tarragon
- taylor
- teacher
- teapot
- tears
- teenage
- telephon
- telnet
- temptati
- tennis
- terminal
- terminat
- tetris
- thailand
- theresa
- thursday
- tiffany
- tiger
- toggle
- token
- tokenrin
- tomato
- topograp
- tortoise
- toxic
- toyota
- traci
- tracie
- tracy
- trails
- transfer
- trapdoor
- trisha
- trivial
- trojan
- trombone
- truth
- tubas
- tuesday
- tuttle
- umesh
- uncle
- unhappy
- unicorn
- uniform
- universa
- universe
- universi
- unknown
- unlock
- upload
- uranus
- urchin
- ursula
- usenet
- usermane
- username
- utility
- vagina
- valerie
- vampire
- vasant
- venus
- veronica
- vertigo
- vicky
- victor
- video
- videogam
- village
- virgin
- virginia
- virus
- visitor
- visual
- visualba
- vodka
- warez
- warfare
- wargames
- warren
- watchwor
- water
- webpage
- wednesda
- weenie
- wendi
- wendy
- werewolf
- western
- whatever
- whatnot
- whisky
- white
- whiting
- whitney
- wholesal
- whore
- william
- williams
- willie
- wilma
- windows
- winston
- wired
- wisconsi
- wiseass
- within
- wizard
- wolverin
- woman
- wombat
- women
- woodwind
- wordperf
- wormwood
- wyoming
- xmodem
- xyzzy
- yankee
- yellow
- yellowst
- yolanda
- yosemite
- young
- zebra
- zeitgeis
- ziggy
- zimmerma
- zmodem
- zombie
- 00000000
- tester
- testin
- Rosco
- RoscoP
- RoscoPColtrane
- dudette
- Alexander
- donaldduck
- wileecoyote
- windowz
- windoze
- windose
- billy
- WindowsXP
- windows2k
- windowsME
- windows98
- windows95
- windozexp
- windoze2k
- windozeME
- windoze98
- windoze95
- wh0r3
- wh0re
- haxing
- h4x1ng
- h4x0r1ng
- h4x0ring
- albatross
- amorphous
- andromache
- anthropogenic
- atmosphere
- beethoven
- bicameral
- campanile
- catherine
- chemistry
- christina
- christine
- commrades
- cornelius
- desperate
- discovery
- edinburgh
- eiderdown
- elizabeth
- enterprise
- establish
- extension
- foolproof
- foresight
- happening
- imbroglio
- innocuous
- lamination
- macintosh
- nutrition
- oceanography
- percolate
- persimmon
- polynomial
- pondering
- princeton
- professor
- rachmaninoff
- rochester
- sheffield
- signature
- stephanie
- stratford
- stuttgart
- superstage
- superuser
- supported
- tangerine
- telephone
- temptation
- topography
- wholesale
- williamsburg
- wisconsin
- yellowstone
- zimmerman
Exploits the following software vulnerabilities to propagate to other computers on the network:
- MS03-039 Buffer Overrun In RPCSS Service
Backdoor routine
Listens on the following ports:
- TCP port 4003
Connects to one of the following IRC servers:
- {BLOCKED}.pwnz.org
Executes the following commands from a malicious remote user:
- Download and execute files
- Send files
- Launch DDOS attack
- Terminate antivirus/firewall processes
- Obtain certain system information
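The backdoor listens on TCP port 4003. The following PowerShell script is an added example for checking a host for that listener; it is not part of the original write-up. It parses `netstat -ano` rather than using `Get-NetTCPConnection`, because the latter does not exist on the Windows XP / Server 2003 systems this worm targets, and it flags a listener whose image path ends in the dropped file name `windowsupdate.exe` (the legitimate Windows Update client is `wuauclt.exe`, so a binary with this name in the system folder is not a Windows component). The function name, the `$Port` parameter and the `Suspicious` column are this example's own.

```powershell
# Added example (not from the write-up): report which process, if any, is
# listening on the backdoor port and where its image lives.
param([int]$Port = 4003)

function Get-ListenerOnPort([int]$p) {
    $rows = @()
    # netstat -ano TCP rows look like:  TCP  0.0.0.0:4003  0.0.0.0:0  LISTENING  1234
    foreach ($line in (netstat -ano)) {
        $f = $line.Trim() -split '\s+'
        if ($f.Length -lt 5 -or $f[0] -ne 'TCP' -or $f[3] -ne 'LISTENING') { continue }
        # Local address is "0.0.0.0:4003" or "[::]:4003"; the port follows the last colon
        $localPort = [int]$f[1].Substring($f[1].LastIndexOf(':') + 1)
        if ($localPort -ne $p) { continue }
        $procId = [int]$f[4]          # not $pid, which is PowerShell's own process id
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        if ($proc) {
            try { $image = $proc.MainModule.FileName } catch { $image = '<access denied>' }
        } else {
            $image = '<exited>'
        }
        $rows += New-Object PSObject -Property @{
            Port       = $p
            ProcessId  = $procId
            Image      = $image
            # The worm drops %System%\windowsupdate.exe; no Windows component uses that name
            Suspicious = ($image -match '\\windowsupdate\.exe$')
        }
    }
    return $rows
}

$listeners = @(Get-ListenerOnPort $Port)
if ($listeners.Count -eq 0) {
    Write-Host "Nothing is listening on TCP $Port."
} else {
    $listeners | Format-Table ProcessId, Image, Suspicious -AutoSize
}
```

Run it from an elevated prompt so `MainModule` is readable for processes owned by other accounts; a listener on 4003 whose image is not the dropped file is still worth investigating, since the port is the only backdoor indicator the write-up gives.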
Denial of service attack
Launches the following types of flood attacks against target sites:
- Ping Flood
- SYN Flood
- UDP Flood
Information theft
Targets the following websites:
- e-gold
- PayPal
- StormPay
- Vodafone
- Poste Italiane
- Yahoo!
- Banca Sella
- Bank Of America
- Benvenuto a gmail
- banca
- poker
- rapidshare
Steals CD keys, serial numbers and/or product IDs of certain applications.
Logs a user's keystrokes to steal information.
Solutions
Step 1
Windows ME and XP users must make sure System Restore is disabled before performing any scan, to allow a full scan of the computer.
Step 2
Delete this registry value
Important: Editing the Windows Registry incorrectly can cause irreversible system malfunction. Perform this step only if you know how to do it or if you can get help from your system administrator. Otherwise, read this Microsoft article before modifying the computer's Registry.
- In HKEY_CURRENT_USER\Software\Microsoft\OLE
- Windows Firewall Updater = windowsupdate.exe
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
- EnableRemoteConnect = N
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Windows Firewall Updater = windowsupdate.exe
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
- Windows Firewall Updater = windowsupdate.exe
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
- AutoShareServer = 0
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
- AutoShareWks = 0
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- C:\WINDOWS\System32\windowsupdate.exe = C:\WINDOWS\System32\windowsupdate.exe:*:Enabled:Windows Firewall Updater
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- AllowUnqualifiedQuery = dword:00000000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- PrioritizeRecordData = dword:00000001
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- TCP1320Opts = dword:00000003
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- KeepAliveTime = dword:00023280
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- BcastQueryTimeout = dword:000002ee
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- BcastNameQueryCount = dword:00000001
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- CacheTimeout = dword:0000ea60
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- Size/Small/Medium/Large = dword:00000003
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- LargeBufferSize = dword:00001000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- SynAckProtect = dword:00000002
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- PerformRouterDiscovery = dword:00000000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- EnablePMTUBHDetect = dword:00000000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- FastSendDatagramThreshold = dword:00000400
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- StandardAddressLength = dword:00000018
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- DefaultReceiveWindow = dword:00004000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- DefaultSendWindow = dword:00004000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- BufferMultiplier = dword:00000200
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- PriorityBoost = dword:00000002
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- IrpStackSize = dword:00000004
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- IgnorePushBitOnReceives = dword:00000000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- DisableAddressSharing = dword:00000000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- AllowUserRawAccess = dword:00000000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- DisableRawSecurity = dword:00000000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- DynamicBacklogGrowthDelta = dword:00000032
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- FastCopyReceiveThreshold = dword:00000400
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- LargeBufferListDepth = dword:0000000a
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- MaxActiveTransmitFileCount = dword:00000002
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- MaxFastTransmit = dword:00000040
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- OverheadChargeGranularity = dword:00000001
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- SmallBufferListDepth = dword:00000020
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- SmallerBufferSize = dword:00000080
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- TransmitWorker = dword:00000020
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- DNSQueryTimeouts = {hex values}
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- DefaultRegistrationTTL = dword:00000014
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- DisableReplaceAddressesInConflicts = dword:00000000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- DisableReverseAddressRegistrations = dword:00000001
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- UpdateSecurityLevel = dword:00000000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- DisjointNameSpace = dword:00000001
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- QueryIpMatching = dword:00000000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- NoNameReleaseOnDemand = dword:00000001
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- EnableDeadGWDetect = dword:00000000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- EnableFastRouteLookup = dword:00000001
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- MaxFreeTcbs = dword:000007d0
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- MaxHashTableSize = dword:00000800
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- SackOpts = dword:00000001
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- Tcp1323Opts = dword:00000003
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- TcpMaxDupAcks = dword:00000001
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- TcpRecvSegmentSize = dword:00000585
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- TcpSendSegmentSize = dword:00000585
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- DefaultTTL = dword:00000030
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- TcpMaxHalfOpen = dword:0000004b
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- TcpMaxHalfOpenRetried = dword:00000050
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- TcpTimedWaitDelay = dword:00000000
- TcpTimedWaitDelay = dword:00000000
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- MaxNormLookupMemory = dword:00030d40
- MaxNormLookupMemory = dword:00030d40
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- FFPControlFlags = dword:00000001
- FFPControlFlags = dword:00000001
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- FFPFastForwardingCacheSize = dword:00030d40
- FFPFastForwardingCacheSize = dword:00030d40
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- MaxForwardBufferMemory = dword:00019df7
- MaxForwardBufferMemory = dword:00019df7
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- MaxFreeTWTcbs = dword:000007d0
- MaxFreeTWTcbs = dword:000007d0
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- GlobalMaxTcpWindowSize = dword:0007d200
- GlobalMaxTcpWindowSize = dword:0007d200
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- EnablePMTUDiscovery = dword:00000001
- EnablePMTUDiscovery = dword:00000001
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- ForwardBufferMemory = dword:00019df7
- ForwardBufferMemory = dword:00019df7
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
- Start = dword:00000004
- Start = dword:00000004
Step 3
Restore these modified registry values
Important: editing the Windows Registry incorrectly can cause irreversible system malfunction. Perform this step only if you know how to do so, or if you can get help from your system administrator. Otherwise, read this Microsoft article before editing your computer's Registry.
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
  - From: EnableDCOM = N
    To: EnableDCOM = Y
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  - From: restrictanonymous = 1
    To: restrictanonymous = 0
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
  - From: Start = 4
    To: Start = 2
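The registry cleanup in the two steps above can be checked before anything is changed. The script below is an added example, not a Trend Micro tool: it audits the values this page attributes to WORM_IRCBOT.ABJ (the Tcpip\Parameters values and wscsvc Start listed for deletion, and the Ole, Lsa and wuauserv values listed for restoration) and only modifies the Registry when run with -Restore. It assumes an elevated PowerShell session on the affected host; the file name is hypothetical, and -WhatIf is honoured so the restore can be previewed first.

```powershell
# Added example (not Trend Micro's code): audit, and optionally undo, the
# registry changes this page attributes to WORM_IRCBOT.ABJ.
# Assumption: run as an administrator on the affected host.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Restore   # without this switch the script only reports
)

$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Values the page lists for deletion under Tcpip\Parameters.
$valuesToDelete = @(
    'MaxActiveTransmitFileCount','MaxFastTransmit','OverheadChargeGranularity',
    'SmallBufferListDepth','SmallerBufferSize','TransmitWorker','DNSQueryTimeouts',
    'DefaultRegistrationTTL','DisableReplaceAddressesInConflicts',
    'DisableReverseAddressRegistrations','UpdateSecurityLevel','DisjointNameSpace',
    'QueryIpMatching','NoNameReleaseOnDemand','EnableDeadGWDetect',
    'EnableFastRouteLookup','MaxFreeTcbs','MaxHashTableSize','SackOpts',
    'Tcp1323Opts','TcpMaxDupAcks','TcpRecvSegmentSize','TcpSendSegmentSize',
    'DefaultTTL','TcpMaxHalfOpen','TcpMaxHalfOpenRetried','TcpTimedWaitDelay',
    'MaxNormLookupMemory','FFPControlFlags','FFPFastForwardingCacheSize',
    'MaxForwardBufferMemory','MaxFreeTWTcbs','GlobalMaxTcpWindowSize',
    'EnablePMTUDiscovery','ForwardBufferMemory'
)

# Values the page says to restore: the data the worm writes and the data to put back.
# wscsvc\Start = 4 is listed for deletion on the page with no pre-infection value given,
# so it is reported only and left to the administrator (assumption).
$valuesToRestore = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Ole';                      Name = 'EnableDCOM';        Bad = 'N'; Good = 'Y'   },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa';        Name = 'restrictanonymous'; Bad = 1;   Good = 0     },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv';  Name = 'Start';             Bad = 4;   Good = 2     },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\wscsvc';    Name = 'Start';             Bad = 4;   Good = $null }
)

$findings = @()

# Deleted-value check: any of these names still present under Tcpip\Parameters is a finding.
foreach ($name in $valuesToDelete) {
    $item = Get-ItemProperty -Path $tcpip -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $findings += "present : $tcpip\$name = $($item.$name)"
        if ($Restore -and $PSCmdlet.ShouldProcess("$tcpip\$name", 'Remove-ItemProperty')) {
            Remove-ItemProperty -Path $tcpip -Name $name
        }
    }
}

# Restored-value check: a finding only when the current data matches what the worm writes.
foreach ($v in $valuesToRestore) {
    $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $item -and "$($item.$($v.Name))" -eq "$($v.Bad)") {
        $findings += "modified: $($v.Path)\$($v.Name) = $($v.Bad)"
        if ($Restore -and $null -ne $v.Good -and
            $PSCmdlet.ShouldProcess("$($v.Path)\$($v.Name)", "Set to $($v.Good)")) {
            Set-ItemProperty -Path $v.Path -Name $v.Name -Value $v.Good
        }
    }
}

if ($findings.Count -eq 0) {
    'No WORM_IRCBOT.ABJ registry indicators found.'
} else {
    $findings
}
```

Run it without parameters first (`.\Check-IrcbotRegistry.ps1`) to list what is present; `.\Check-IrcbotRegistry.ps1 -Restore -WhatIf` shows each deletion and restore without applying it, and `-Restore` alone applies them. The restore step only overwrites a value when its current data equals what the page says the worm writes, so a host that has already been cleaned is left untouched.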
Step 4
Scan your computer with your Trend Micro product to delete files detected as WORM_IRCBOT.ABJ. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further steps are required. You may opt to simply delete the quarantined files. See this Knowledge Base page for more information.
Step 5
Download and apply this security patch. Do not use these products until the appropriate patches have been installed. Trend Micro advises users to download critical patches as soon as vendors make them available.