Welcome to the Virus Encyclopedia of Panda Security.
It uses the LSASS, RPC DCOM and WINS vulnerabilities, among other means, in order to spread to as many computers as possible. It installs a TFTP server, obtains user and system information, etc.
|First detected on:||Jan. 27, 2005|
|Detection updated on:||Jan. 3, 2007|
|Yes, using TruPrevent Technologies
Gaobot.CRP is a worm that installs a TFTP server in the affected computer. Using that server, files of any nature, including malware, can be downloaded to the affected computer.
Additionally, Gaobot.CRP allows to obtain information about the computer, serial numbers of games that are installed, users' personal information, etc.
Gaobot.CRP uses different means to spread:
It makes copies of itself in the shared network resources it accesses to.
It exploits the LSASS, RPC DCOM and WINS vulnerabilities to spread across the Internet.
It uses the exploit known as MySQL UDF Dynamic Library Exploit, which takes advantage of weak passwords in MySQL installations on Windows computers.
If you have a Windows 2003/XP/2000/NT computer, it is highly recommendable to download the security patches for the LSASS, RPC DCOM and WINS vulnerabilities from the Microsoft website.
Gaobot.CRP is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.