Welcome to the Virus Encyclopedia of Panda Security.
|Common name:||Worm Gen.GA|
|Technical name:||Worm Generic.GA|
It uses the RPC DCOM and WebDAV vulnerabilities in order to spread to as many computers as possible. It connects to an IRC server and waits for control commands. It allows to obtain information on the affected computer, run files, etc.
|First detected on:||June 22, 2004|
|Detection updated on:||Aug. 5, 2004|
|Yes, using TruPrevent Technologies
Worm Gen.GA is a generic detection for future variants of unknown worms. This group of worms have backdoor characteristics, and share the following common features:
It only affects Windows 2003/XP/2000/NT computers.
It exploits the RPC DCOM and WebDAV vulnerabilities to spread to as many computers as possible.
It connects to a specified IRC server and waits for control commands.
As a backdoor, it allows to obtain information on the affected computer, run files, launch DDoS (distributed denial of service) attacks, etc.
If you have a Windows 2003/XP/2000/NT computer, it is highly recommendable to download the security patches for the RPC DCOM and WebDAV vulnerabilities from the Microsoft website.
A clear indication that Worm Gen.GA has reached the computer is that the network traffic increases on the ports 135 and 445, as the worm attempts to exploit the RPC DCOM vulnerability.