We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Worm:Win32/Gaobot.ZX
Detected by Microsoft Defender Antivirus
Aliases: Win32.HLLW.Agobot (Dr.Web) Win32/Agobot.AEE (ESET) Backdoor.Win32.Agobot.xm (Kaspersky) W32/Gaobot.worm.gen.e (McAfee) W32.HLLW.Gaobot (Symantec) WORM_SDBOT.ALST (Trend Micro)
Summary
Win32/Gaobot.ZX.worm is a network worm that can spread across network connections by exploiting the vulnerability described in Microsoft Security Bulletin MS03-026. The worm has backdoor capabilities, which allows attackers to control the infected computer using IRC channels. The worm also acts as a bot on the IRC network, coordinated through the IRC command, to launch massive distributed denial of service (DDoS) attacks and retrieve personal and system information.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.
Follow us
