
Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Bobax.D

Threat Level: Moderate threat
Damage: High
Distribution: Not widespread
Common name: Bobax.D
Technical name: W32/Bobax.D.worm
Threat level: Low
Type: Worm
Effects:  

It allows spam to be sent from the affected computer. It restarts the computer and spreads by exploiting the LSASS and RPC DCOM vulnerabilities.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on: May 22, 2004
Detection updated on: May 24, 2004
Statistics: No

Brief Description

Bobax.D is a worm that spreads via the Internet by exploiting the RPC DCOM and LSASS vulnerabilities in remote computers. The RPC DCOM vulnerability is critical for Windows 2003/XP/2000/NT computers that are not properly updated, whereas the LSASS vulnerability is critical for Windows XP/2000 operating systems that have not been patched.

When it exploits the LSASS vulnerability, Bobax.D can only affect and spread automatically to Windows XP/2000 computers that have port 5000 open (by default, this port is open in Windows XP and closed in Windows 2000). However, computers running other Windows operating systems can also become a source of transmission if a malicious user runs the file containing the worm on any of them.

When it exploits the RPC DCOM vulnerability, on the other hand, Bobax.D affects Windows 2003/XP/2000/NT computers.

In both cases, Bobax.D restarts the computer automatically when it attempts to affect it by exploiting either of these vulnerabilities.

Bobax.D opens several random ports through which a remote user can use the affected computer as an SMTP mail server in order to send spam.

If you have any of the Windows operating systems mentioned above installed on your computer, it is highly recommended that you download the security patches for the RPC DCOM and LSASS vulnerabilities from the Microsoft website.

Visible Symptoms

Bobax.D is easy to recognize, as it restarts affected computers when it attempts to affect them by exploiting the RPC DCOM (Windows 2003/XP/2000/NT) or LSASS (Windows XP/2000) vulnerabilities.

For example, if Bobax.D successfully exploits the LSASS vulnerability, the following message is displayed on screen: