Bobax.D is a worm that spreads via the Internet by exploiting the RPC DCOM and LSASS vulnerabilities in remote computers. The RPC DCOM vulnerability is critical for Windows 2003/XP/2000/NT computers that are not properly updated, whereas the LSASS vulnerability is critical for Windows XP/2000 operating systems that have not been patched.
When it exploits the LSASS vulnerability, Bobax.D can only affect and spread automatically to Windows XP/2000 computers that have their port 5000 open (by default, this port is open in Windows XP whereas it is closed in Windows 2000). However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.
However, when it exploits the RPC DCOM vulnerability, Bobax.D affects Windows 2003/XP/2000/NT computers.
In both cases, Bobax.D restarts the computer automatically when it attempts to affect it by exploiting any of these vulnerabilities.
Bobax.D opens several random ports through which a remote user can use the affected computer as an SMTP mail server in order to send spam.
If you have any of the Windows operating systems mentioned above installed in your computer, it is highly recommendable to download the security patches for the RPC DCOM and LSASS vulnerabilities from the Microsoft website.