Welcome to the Virus Encyclopedia of Panda Security.
It sends massive amounts of information to remote computers. It can damage the Windows Registry or key files for the correct functioning of the computer.
|First detected on:||July 13, 2001|
|Detection updated on:||March 26, 2003|
Nuker.W32.Meliksah is a Trojan that allows malicious users to attack computers and firewalls (applications that protect connections) remotely through a TCP/IP connection. This Trojan is written in Borland Delphi and its size is 210,432 Bytes.
Once executed, Nuker.W32.Meliksah will display the following graphic interface:
This Trojan allows users to carry out two types of attacks:
Firstly, Nuker.W32.Meliksah enables attackers to send OOB (Out Of Band) data packets to computers through the TCP port 139. This attack takes advantage of a vulnerability found in Windows Netbios interface, which makes it imposible for the targeted system to process the data received. As a result of this the computer will block, therefore causing all information that was not previously saved to be lost.
Secondly, Nuker.W32.Meliksah allows hackers to attack firewalls. Firewalls are programs aimed at protecting networked computers from unauthorized users. Generally these programs protect TCP/IP stack ports, by blocking every data received at the ports that were not authorized to receive data. This attack takes advantage of a programming bug known as Conseal Firewall Bug.