Lumension® Endpoint Intelligence Center


Overview

Threat Risk: LOW
Destructivity: MEDIUM
Payload: Compromises system security
Detection files published: 28 Aug 2003 03:00:00
Description created: 29 Aug 2003 08:26:00
Description updated: 31 Aug 2003 03:50:00
Malware type: WORM
Alias: (none)
Spreading mechanism: NETWORK
Summary: None

W32/Raleka.A, B and C

Spreading

When the worm is executed, it first attempts to download components from predefined web pages. This download fails because these pages are down.

It then attempts to connect to other computers at semi-random IP addresses and tries to infect them through the DCOM-RPC vulnerability.

The worm creates a file called DOWN.COM, which attempts to connect back to the infecting system and download the following additional components:

SVCHOST32.EXE
SERVICE.EXE
NTROOTKIT.EXE
NTROOTKIT.REG

This download is served by a simple web server that the worm sets up on the infecting system, on a random port above 32768.

Payload Details

The worm installs backdoor functionality on an infected machine so that remote attackers can gain access to it. Because it also installs the NtRootkit program, some of these components may be hidden and hard to find.

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:10