|
 |
|
IRCBot.es
|
|
|
First Report:
|
2005-08-15 18:55
|
|
Last Update:
|
2005-08-23 23:44
|
|
|
Risk Rating:
|
Medium Risk
|
|
|
Aliases:
|
Backdoor.Win32.IRCBot.es
BKDR_RBOT.BD
B}
IRCBot
IRCBot.es
W32.Esbot.A
W32/IRCbot.gen
W32/Sdbot-ACG
Win32.Esbot.{A
|
|
|
Virus Alerts:
|
Secunia issued a MEDIUM RISK alert for this virus.
2005-08-17 01:52
|
|
|
Information From AntiVirus Vendors
|
|
|
|
|
Below you will find virus information from different antivirus vendors included in this Secunia Virus Profile. Information about the virus along with links to removal tools will be listed below when available.
The information provided is sorted by the date on which the information first became publicy available on the antivirus vendors' websites. The earliest available reports are displayed first. Please note timestamps are in GMT+1.
|
|
|
#1 - F-SECURE
|
| |
|
|
IRCBot.es
|
Severity:
-
|
File Size:
8201
|
| |
|
|
Reported:
2005-08-15 18:55
|
Last Update:
2005-08-18 11:45
|
| |
Description:
This IRC-based backdoor-worm was found on August 15th, 2005 in Finland. The backdoor provides unauthorised access to an infected computer and also has the capability to spread to remote computers using the PnP exploit on port 445.
|
| |
|
Full Report From Vendor
Removal Tool/Instructions
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2005-08-18 11:45
|
Updated information about removal tool/instructions.
|
| |
|
|
2005-08-17 13:45
|
Description was changed.
New:
"This IRC-based backdoor-worm was found on
August 15th, 2005 in Finland. The backdoor
provides unauthorised access to an infected
computer and also has the capability to
spread to remote computers using the PnP
exploit on port 445."
Old:
"This IRC-based backdoor-worm was found on
August 15th, 2005 in Finland. The backdoor
provides unauthorised access to an infected
computer and also has the capability to
spread to remote computers using the PNP
exploit on port 445."
|
| |
|
|
2005-08-15 19:35
|
Description was changed.
New:
"This IRC-based backdoor-worm was found on
August 15th, 2005 in Finland. The backdoor
provides unauthorised access to an infected
computer and also has the capability to
spread to remote computers using the PNP
exploit on port 445."
Old:
"This IRC-based backdoor-worm was found on
August 15th, 2005 in Finland. The backdoor
provides unauthorised access to an infected
computer and also has the capability to
spread to remote computers using the LSASS
exploit on port 445."
|
|
|
|
|
|
#3 - SYMANTEC
|
| |
|
|
W32.Esbot.A
|
Severity:
3/5
|
File Size:
8,201 bytes
|
| |
|
|
Reported:
2005-08-16 08:04
|
Last Update:
2005-08-23 23:44
|
| |
Description:
W32.Esbot.A is a worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039).
|
| |
|
Full Report From Vendor
Removal Tool/Instructions
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2005-08-18 03:44
|
Description was changed.
New:
"W32.Esbot.A is a worm that spreads by
exploiting the Microsoft Windows Plug and
Play Buffer Overflow Vulnerability (described
in Microsoft Security Bulletin MS05-039)."
Old:
"W32.Esbot.A is a worm that spreads by
exploiting the Microsoft Windows Plug and
Play Buffer Overflow Vulnerability (described
in Microsoft Security Bulletin MS05-039). "
|
| |
|
|
2005-08-17 06:50
|
Updated information about removal tool/instructions.
|
| |
|
|
2005-08-17 06:20
|
Description was changed.
New:
"W32.Esbot.A is a worm that spreads by
exploiting the Microsoft Windows Plug and
Play Buffer Overflow Vulnerability (described
in Microsoft Security Bulletin MS05-039). "
Old:
"W32.Esbot.A is a worm that spreads by
exploiting the Microsoft Windows Plug and
Play Buffer Overflow Vulnerability (described
in Microsoft Security Bulletin MS05-039)."
|
| |
|
|
2005-08-17 06:20
|
Updated information about removal tool/instructions.
|
| |
|
|
2005-08-17 01:50
|
Severity was raised from 2/5 to 3/5.
|
| |
|
|
2005-08-17 01:50
|
Description was changed.
New:
"W32.Esbot.A is a worm that spreads by
exploiting the Microsoft Windows Plug and
Play Buffer Overflow Vulnerability (described
in Microsoft Security Bulletin MS05-039)."
Old:
"W32.Esbot.A is a worm that spreads by
exploiting the Microsoft Windows Plug and
Play Service Vulnerability, as described in
Microsoft Security Bulletin MS05-039."
|
|
|
|
|
|
Please note: The information that this Secunia Virus Profile is based on comes from a third party unless stated otherwise.
The grouping process is done completely automatically, therefore minor inconsistencies may occur. For more information about Secunia Virus Information, please read: About Virus Information.
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
