Secunia - Stay Secure
RBOT.CBQ

First Report: 2005-08-16 23:46
Last Update: 2005-08-24 23:42
Risk Rating: Medium Risk
Aliases: Bozori.A
CME-540
Net-Worm.Win32.Bozori.a
No
W32.Zotob.E
W32/Bozori.worm.a!CME-540
W32/IRCbot.worm!MS05-039
W32/Tpbot-A
Win32.Tpbot.A
WORM_RBOT.CBQ
Zotob.D
Virus Alerts: Secunia issued a MEDIUM RISK alert for this virus.
2005-08-17 03:49

Information From AntiVirus Vendors


Below you will find virus information from different antivirus vendors included in this Secunia Virus Profile. Information about the virus along with links to removal tools will be listed below when available.

The information provided is sorted by the date on which the information first became publicly available on the antivirus vendors' websites. The earliest available reports are displayed first. Please note timestamps are in GMT+1.





#1 - MCAFEE

W32/IRCbot.worm!MS05-039

Severity:
3/7
File Size:
10366 bytes
Reported:
2005-08-17 00:57
Last Update:
2005-08-24 23:42
Description:
Due to a decrease in prevalence W32/IRCbot.worm!MS05-039 is being lowered to Low-Profiled risk. --

ChangeLog:

Changes are listed in chronological order with the latest changes first.


2005-08-19 20:42 Severity was decreased from 4/7 to 3/7.


2005-08-19 20:42 Description was changed.

New:

"Due to a decrease in prevalence
W32/IRCbot.worm!MS05-039 is being lowered to
Low-Profiled risk. --"

Old:
"Due to a decrease in reports of new
infections, W32/IRCbot.worm!MS05-039 is being
lowered to Medium risk. --"


2005-08-18 07:47 Severity was decreased from 6/7 to 4/7.


2005-08-18 07:47 Description was changed.

New:

"Due to a decrease in reports of new
infections, W32/IRCbot.worm!MS05-039 is being
lowered to Medium risk. --"

Old:
"This detection is for an Internet Relay Chat
(IRC) bot worm which includes the ability to
spread by exploiting systems which are not
yet patched for the MS05-039 vulnerability."


2005-08-17 05:07 Updated information about removal tool/instructions.


2005-08-17 05:02 Updated information about removal tool/instructions.


2005-08-17 04:52 Updated information about removal tool/instructions.


2005-08-17 04:47 Updated information about removal tool/instructions.


2005-08-17 04:12 Updated information about removal tool/instructions.


2005-08-17 04:02 Updated information about removal tool/instructions.


2005-08-17 03:47 Updated information about removal tool/instructions.


2005-08-17 03:42 Updated information about removal tool/instructions.


2005-08-17 03:27 Updated information about removal tool/instructions.


2005-08-17 03:22 Updated information about removal tool/instructions.


2005-08-17 03:17 Updated information about removal tool/instructions.


2005-08-17 03:12 Updated information about removal tool/instructions.


2005-08-17 03:07 Updated information about removal tool/instructions.


2005-08-17 03:02 Updated information about removal tool/instructions.


2005-08-17 02:57 Updated information about removal tool/instructions.


2005-08-17 02:52 Updated information about removal tool/instructions.


2005-08-17 02:32 Updated information about removal tool/instructions.


2005-08-17 01:37 Description was changed.

New:

"This detection is for an Internet Relay Chat
(IRC) bot worm which includes the ability to
spread by exploiting systems which are not
yet patched for the MS05-039 vulnerability."

Old:
"This detection is for an IRC bot worm which
includes the ability to spread by exploiting
systems which are not yet patched for the
MS05-039 vulnerability."


2005-08-17 01:22 Description was changed.

New:

"This detection is for an IRC bot worm which
includes the ability to spread by exploiting
systems which are not yet patched for the
MS05-039 vulnerability."

Old:
"AVERT has received a sample of this threat
and is currently in the process of analyzing
it. Details will be posted when they are
available. Please check back shortly. Top of
Page"



#2 - F-SECURE

Zotob.D

Severity:
2/3
File Size:
-
Reported:
2005-08-17 02:10
Last Update:
2005-08-18 15:45
Description:
We changed detection name for Zotob.D to Bozori.A. Please see the following description of Bozori.A:

ChangeLog:

Changes are listed in chronological order with the latest changes first.


2005-08-18 15:45 Updated information about removal tool/instructions.


2005-08-18 11:45 Updated information about removal tool/instructions.


2005-08-17 10:51 Description was changed.

New:

"We changed detection name for Zotob.D to
Bozori.A. Please see the following
description of Bozori.A:"

Old:
"This IRC-based backdoor-worm was found on
August 16th, 2005. The backdoor provides
unauthorised access to an infected computer
and also has the capability to spread to
remote computers using the PNP exploit."


2005-08-17 10:51 File size was changed.

New:
"N/A"

Old:
"10366"


2005-08-17 02:51 Severity was raised from N/A to 2/3.



#3 - SYMANTEC

W32.Zotob.E

Severity:
3/5
File Size:
10,366 bytes.
Reported:
2005-08-17 02:23
Last Update:
2005-08-22 23:44
Description:
W32.Zotob.E is a worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039) on TCP port 445.

ChangeLog:

Changes are listed in chronological order with the latest changes first.


2005-08-17 08:50 Updated information about removal tool/instructions.



#4 - SOPHOS

W32/Tpbot-A

Severity:
2/5
File Size:
-
Reported:
2005-08-17 02:48
Last Update:
2005-08-23 23:45
Description:


#5 - F-SECURE

Bozori.A

Severity:
2/3
File Size:
10366
Reported:
2005-08-17 10:35
Last Update:
2005-08-18 11:45
Description:
This IRC-based backdoor-worm was found on August 16th, 2005. The backdoor provides unauthorised access to an infected computer and also has the capability to spread to remote computers using the PNP exploit.

ChangeLog:

Changes are listed in chronological order with the latest changes first.


2005-08-18 11:45 Updated information about removal tool/instructions.




Please note: The information that this Secunia Virus Profile is based on comes from a third party unless stated otherwise.

The grouping process is done completely automatically, therefore minor inconsistencies may occur. For more information about Secunia Virus Information, please read: About Virus Information.







Copyright 2002-2008 Secunia