Plexus.A is a worm that spreads through different means:
Through the Internet by exploiting the RPC DCOM and LSASS vulnerabilities in remote computers. The RPC DCOM vulnerability is critical for Windows 2003/XP/2000/NT computers that are not properly updated, whereas the LSASS vulnerability is critical for Windows XP/2000 operating systems that have not been patched.
Via e-mail, in an e-mail message with an attached file.
- Through the peer-to-peer (P2P) file sharing program KaZaA.
- Across computer networks.
When it exploits the LSASS vulnerability, Plexus.A can only affect and spread automatically to Windows XP/2000 computers that have their port 5000 open (by default, this port is open in Windows XP whereas it is closed in Windows 2000). However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.
However, when it exploits the RPC DCOM vulnerability, Plexus.A affects Windows 2003/XP/2000/NT computers.
In both cases, Plexus.A restarts the computer automatically.
Plexus.A opens the TCP port 1250 and a random port and listens to them. If it were a connection available thorugh these ports, a remote user could download and execute files in the affected computer.
If you have any of the Windows operating systems mentioned above installed in your computer, it is highly recommendable to download the security patches for the RPC DCOM and LSASS vulnerabilities from the Microsoft website.