Welcome to the Virus Encyclopedia of Panda Security.
|Alias:||WORM_BOBAX.A, W32/Bobax.worm.a, W32.Bobax.A|
It allows to send spam from the affected computer. It restarts the computer and spreads by exploiting the LSASS vulnerability.
|First detected on:||May 17, 2004|
|Detection updated on:||March 15, 2005|
Bobax.A is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.
Bobax.A only affects and spreads automatically to Windows XP/2000 computers that have their port 5000 open (by default, this port is open in Windows XP whereas it is closed in Windows 2000). However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.
Bobax.A restarts the computer automatically when it attempts to affect Windows XP/2000 computers by exploiting the already mentioned vulnerability.
Bobax.A opens several random ports through which a remote user can use the affected computer as an SMTP mail server in order to send spam.
If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.
Bobax.A is easy to recognize, as it restarts Windows XP/2000 computers when it attempts to affect them by exploiting the LSASS vulnerability. When this action is carried out, Bobax.A displays the following message on screen: