Welcome to the Virus Encyclopedia of Panda Security.
It uses the RPC DCOM and WebDAV vulnerabilities in order to spread to as many computers as possible. It connects to an IRC server and waits for control commands. It allows to obtain information on the affected computer, run files, etc.
|Detection updated on:||April 12, 2004|
|Yes, using TruPrevent Technologies
Gaobot.MZ is a worm with backdoor characteristics that only affects Windows 2003/XP/2000/NT computers.
Gaobot.MZ spreads by attacking IP addresses, in which it tries to exploit the RPC DCOM and WebDAV vulnerabilities.
Once it has affected a computer, Gaobot.MZ connects to a specified IRC server and waits for control commands to be carried out.
In addition, it allows to obtain information on the affected computer, run files, launch DDoS (distributed denial of service) attacks, etc.
If you have a Windows 2003/XP/2000/NT computer, it is highly recommendable to download the security patches for the RPC DCOM and WebDAV vulnerabilities from the Microsoft website.
A clear indication that Gaobot.MZ has reached the computer is that the network traffic increases on the ports 135 and 445, as the worm attempts to exploit the RPC DCOM vulnerability.