SecureZone Admin
efnet user
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
After infection the worm will turn off security controls in the Windows firewall and open a
backdoor that will allow a remote attacker to have control over the machine.
Last week Microsoft released a patch for the Windows server flaw (MS06-040) exploited by Cuebot.
The Department of Home Land Security in the US last week released a warning of the
potential danger of the vulnerability.
It would seem that this worm, is actually just an IRC bot that spreads through exploit this
new vulnerability. Although it has been dubbed a worm by some virus Anti-Virus firms.
A link on information relating to the vulnerability can be found here:
http://www.microsoft.com/technet/security/…n/MS06-040.mspx
An analysis of the worm dubbed WORM_IRCBOT.JL by Trend Micro can be found here:
any new update on this
http://meta-human.net/blog