The recent virus attack of the worm that goes by the name of WORM_RINBOT.N is partly responsible for me getting a few hours of leisure today!!! The attack meant that most of the systems had to be isolated and quarantined. So thatz a few less machines to take care of during the course of the general work-day! Don’tya ask me about where it happened coz I’m not gonna spill the beans on that one 😉
Anyways, this RINBOT virus is quite a low-risk thing but is capable of some high damage!
This worm propagates via network shares. It does so by dropping a copy of itself in the IPC$ folder, which is a default share. If the share is password-protected, it uses a list of user names and passwords to gain access.
It also takes advantage of the SQL Server 7.0 Service Pack Password vulnerability to propagate across networks.
It has backdoor capabilities. It opens random ports and waits for commands from a remote malicious user. Once a connection is established, it executes those commands locally, such as termination of processes and logging of keystrokes, effectively compromising the affected system.
Sounds quite a mouthful but it can be a potent scare for big corporate networks and the SysAdmins. Wonder if my friend Mr.TSA is aware of this and has taken any steps to protect him..err…his network I mean!
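As an added example (not part of the original post and not taken from any vendor write-up), here is one way a SysAdmin could spot the password-list behaviour described above: one machine failing logons to IPC$ under many different user names in a short time. The log format, host addresses, account names and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: time, source host, target host, share, user, result
SAMPLE_LOG = """\
2024-01-01T09:00:01 10.0.0.23 10.0.0.40 IPC$ acct-a FAIL
2024-01-01T09:00:02 10.0.0.23 10.0.0.40 IPC$ acct-b FAIL
2024-01-01T09:00:03 10.0.0.23 10.0.0.40 IPC$ acct-c FAIL
2024-01-01T09:00:04 10.0.0.23 10.0.0.41 IPC$ acct-d FAIL
2024-01-01T09:00:05 10.0.0.23 10.0.0.41 IPC$ acct-a OK
2024-01-01T09:05:00 10.0.0.57 10.0.0.40 IPC$ jsmith FAIL
2024-01-01T09:05:09 10.0.0.57 10.0.0.40 IPC$ jsmith OK
2024-01-01T08:00:00 10.0.0.88 10.0.0.40 IPC$ alice FAIL
2024-01-01T10:00:00 10.0.0.88 10.0.0.40 IPC$ bob FAIL
2024-01-01T12:00:00 10.0.0.88 10.0.0.40 IPC$ carol FAIL
2024-01-01T14:00:00 10.0.0.88 10.0.0.40 IPC$ dave FAIL
"""

def parse(log):
    """Yield one tuple per well-formed record; skip anything else."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, src, dst, share, user, result = parts
        yield datetime.fromisoformat(ts), src, dst, share, user.lower(), result

def find_guessing_hosts(log, min_users=4, window=timedelta(seconds=60)):
    """Map each suspicious source host to the targets it failed against.

    A source is suspicious when its failed IPC$ logons use at least
    min_users distinct user names inside one sliding time window.
    """
    fails = defaultdict(list)
    for ts, src, dst, share, user, result in parse(log):
        if share.upper() == "IPC$" and result == "FAIL":
            fails[src].append((ts, dst, user))
    flagged = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it fits the time limit.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({u for _, _, u in events[start:end + 1]}) >= min_users:
                flagged[src] = sorted({d for _, d, _ in events})
                break
    return flagged

if __name__ == "__main__":
    print(find_guessing_hosts(SAMPLE_LOG))
```

A single mistyped password (10.0.0.57) and failures spread over hours (10.0.0.88) stay below the threshold, so only the machine cycling through names in seconds is reported and can be pulled off the network first.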