Welcome to the Virus Encyclopedia of Panda Security.
It connects to web servers in order to receive remote control commands, such as send spam, download a file, etc. It prevents users from accessing several websites. It spreads via email and across the Internet by exploiting the LSASS vulnerability, and is also downloaded to the computer by the Trojan Downloader.CZR.
|First detected on:||June 3, 2005|
|Detection updated on:||June 6, 2005|
|Yes, using TruPrevent Technologies
Bobax.AO is a worm that allows to be remotely administrated, by making queries to web servers. The worm can receive and carry out the following commands:
- Update itself.
- Download a file and run it.
- Check the Internet connection speed.
- Send spam to a list of email addresses.
- Send a copy of itself via email.
- Attempt to affect remote computers by exploiting the LSASS vulnerability. This vulnerability is critical for Windows XP/2000 operating systems that have not been patched.
Bobax.AO prevents users from accessing certain web pages, mostly belonging to antivirus companies.
Although this worm can be instructed to spread via email or across the Internet, it is also downloaded to computers affected by the Trojan detected as Downloader.CZR.
If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.
Bobax.AO is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.