Dec 16

W32.Gaobot.GW

By admin
Add comments
Virus
 
Name W32.Gaobot.GW
Type Worm
Affected Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Risk Level 2: Low
Discovered May 26, 2004
Update February 13, 2007 12:23:44 PM
Length
Virus Info W32.Gaobot.GW is a worm that spreads through open network shares and exploits several Windows vulnerabilities including:

  • The DCOM RPC Vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
  • The WebDav Vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.
  • The Workstation Service Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445. Windows XP users are protected against this vulnerability if Microsoft Security Bulletin MS03-043 has been applied. Windows 2000 users must apply MS03-049.

W32.Gaobot.GW can act as a backdoor server program initiating Denial of Service (DoS) attacks on other systems. It stops the processes of many antivirus and security programs. It stops the processes of some malware. It also steals Windows Product ID and CD-keys for many popular games.

Note: Virus definitions released on January 23, 2004 detect this threat as W32.HLLW.Gaobot.gen.
Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 50 - 999
  • Number of Sites: More than 10
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: Medium
Writeup By: Wilson Meng
Details >W32.Gaobot.GW
Save this article to PDF.

"Free Scan W32.Gaobot.GW

Print This Virus article Print This Virus article

This entry was posted on Sunday, December 16th, 2007 at 7:06 pm and is filed under Virus. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

You must be logged in to post a comment.