RINBOT.N Virus – My Liesure

The recent virus attack of the worm that goes by the name of WORM_RINBOT.N is partly responsible for me getting a few hours of leisure today :mrgreen: !!! The attack meant that most of the systems had to be isolated and quarantined. So thatz a few less machines to take care of during the course the general work-day! Don’tya ask me about where it happened coz I’m not gonna spill the beans on that one 😉

Anyways, this RINBOT virus is quite a low-risk thing but is capable of some high damage!

This worm propagates via network shares. It does the said routine by dropping a copy of itself in the IPC$ folder, which is a default share. If the share is password-protected, it uses a list of user names and passwords to gain access.

It also takes advantage of the SQL Server 7.0 Service Pack Password vulnerability to propagate across networks

It has backdoor capabilities. It opens random ports and waits for several commands from a remote malicious user. Once a connection is established, it executes the said commands locally, such as termination of processes and logging of keystrokes, effectively compromising the affected system.

Sounds quite a mouthful but it can be a potent scare for big corporate networks and the SysAdmins. Wonder if my friend Mr.TSA is aware of this and has taken any steps to protect him..err…his network I mean!

More Info: Trend Micro | NetVigator | Microsoft

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s