Backdoor:Win32/Graweg.A!CME-482
Detected by Microsoft Defender Antivirus
Aliases: IRC-Mocbot!MS06-040 (McAfee), W32.Wargbot (Symantec), WORM_IRCBOT.JL (Trend Micro), W32/Cuebot-L (Sophos)
Summary
Update: This threat has been renamed Backdoor:Win32/Mocbot.A.
Backdoor:Win32/Graweg.A is an IRC Trojan that connects to an IRC channel and awaits commands from remote attackers. When instructed, Backdoor:Win32/Graweg.A begins searching the local network for systems that have not yet applied the Microsoft Windows Server Service security patch described in Microsoft Security Bulletin MS06-040. The Trojan also includes the ability to send messages via AOL Instant Messenger (AIM) and ICQ. The exploit code used by Backdoor:Win32/Graweg.A is only effective against unpatched systems running Windows 2000. However, the Trojan can still infect patched versions of Windows 2000 and other Windows operating systems by means other than the exploit. For example, Backdoor:Win32/Graweg.A could be distributed as an e-mail attachment, or a link to the Trojan could be sent to e-mail or AIM recipients.
Backdoor:Win32/Graweg.A may lower security settings on infected systems and allows the system to be used for nefarious purposes, such as launching a Denial of Service (DoS) attack against others. Backdoor:Win32/Graweg.A includes the ability to download other files; thus, the Trojan could update its functionality or download additional malicious software to infected systems.
Backdoor:Win32/Graweg.A has been assigned CME ID 482 and will be detected by Microsoft as Backdoor:Win32/Graweg.A!CME-482.