|
|
 |
| TILEBOT-BH Information |
|
|
| Threat Name: TILEBOT-BH |
|
|
| W32/Tilebot-BH is network worm with backdoor functionality for the Windows platform.
W32/Tilebot-BH runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. The backdoor component of W32/Tilebot-BH can be instructed to perform the following functions:
scan networks for vulnerabilities
take part in distributed denial of service (DDoS) attacks
packet sniffing
shutdown security related software
download/execute arbitrary files
start an ftp server
start a Proxy server
W32/Tilebot-BH includes functionality to access the internet and communicate with a remote server via HTTP.
W32/Tilebot-BH spreads through network shares protected by weak passwords, MS-SQL servers and through various operating system vulnerabilities, such as LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007) |
More Information |
|
|
|
|
|
| |
|
|
|
| |
Scan for this threat |
|
|
|
|
|
|
BACKDOOR
a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a back door so that the program can be accessed for troubleshooting or other purposes, but an attacker may exploit or use a back door to get unauthorized access to information or install spyware.
|
|
|
|
1 Identified Patterns
| EXE Files |
DLL Files |
Other Files |
|
|
|
|
|
|
|
|
|
|
