Welcome to the Virus Encyclopedia of Panda Security.
It uses the RPC DCOM and WebDAV vulnerabilities in order to spread to as many computers as possible. It connects to an IRC server and waits for control commands. It allows to obtain information on the affected computer, run files, etc.>>>
|First detected on:||Sept. 19, 2003|
|Detection updated on:||Sept. 21, 2009|
|Yes, using TruPrevent Technologies
Gaobot.gen is a generic detection for future variants of the Gaobot family. This group of worms have backdoor characteristics, and share the following common features:
It only affects Windows 2003/XP/2000/NT computers.
It exploits the RPC DCOM and WebDAV vulnerabilities to spread to as many computers as possible.
It connects to a specified IRC server and waits for control commands.
As a backdoor, it allows to obtain information on the affected computer, run files, launch DDoS (distributed denial of service) attacks, etc.
If you have a Windows 2003/XP/2000/NT computer, it is highly recommendable to download the security patches for the RPC DCOM and WebDAV vulnerabilities from the Microsoft website.
A clear indication that Gaobot.gen has reached the computer is that the network traffic increases on the ports 135 and 445, as the worm attempts to exploit the RPC DCOM vulnerability.