W32.Mimbot.B
Aliases: W32/Sdbot.worm, W32/Sdbot.worm.gen, W32/Sdbot.worm.gen.b
Variants: Worm:Win32/Slenfbot.OG, W32.HLLW.Donk
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: South America, Europe, Asia
Removal: Easy
Platform: W32
Discovered: 14 Sep 2007
Damage: Medium
Characteristics: Designed to exploit the Instant Messaging service of the operating system, this malware scans for the presence of a specific Instant Messaging client and uses it as a transport mechanism for spreading. Contacts in the client's contact list are potential targets of W32.Mimbot.B infection. It also opens an unsecured backdoor component that gives a remote attacker unobstructed access to the infected computer system.
W32.Mimbot.B Removal Tool
Malware on your computer will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Mimbot.B from your computer.
More details about W32.Mimbot.B
W32.Mimbot.B drops a compressed file in ZIP format into the operating system directory and places a Dynamic Link Library (DLL) component into a subfolder of that directory. It creates a corresponding Windows Registry value that loads it into the memory of running applications, and it also creates a subkey under the Classes category of the registry, where a component of the malware is placed. After successfully modifying the registry, W32.Mimbot.B uses TCP port 81 to initiate its backdoor component. The backdoor is activated by connecting to predetermined Internet Relay Chat (IRC) servers.

The backdoor component serves as the bridge between the remote attacker and the compromised computer system. Once open, it facilitates the downloading and arbitrary execution of files on the infected machine. These files may be code updates for W32.Mimbot.B or other potentially dangerous code. A Flush DNS command may be issued remotely to clear the DNS cache on the host machine. The backdoor also allows the remote attacker to control the Instant Messaging client as if they were sitting in front of the hijacked machine.
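An added detection example (not part of the original write-up or of any vendor tool): it flags hosts that complete an IRC registration handshake on TCP port 81, recognising the protocol by content rather than by port alone. It assumes the backdoor traffic is outbound IRC on port 81, which the description suggests but does not state outright; the flow record layout and all sample data are constructed.

```python
from collections import defaultdict

BACKDOOR_PORT = 81  # TCP port the write-up associates with the backdoor

# Constructed sample records: (src_ip, dst_ip, dst_port, client payload bytes).
SAMPLE_FLOWS = [
    ("10.0.0.23", "203.0.113.7", 81, b"NICK xk-4471\r\nUSER xk 0 * :xk\r\n"),
    ("10.0.0.23", "203.0.113.7", 81, b"JOIN #example-chan\r\n"),
    ("10.0.0.40", "198.51.100.9", 81, b"GET /status HTTP/1.1\r\nHost: cam.example\r\n\r\n"),
    ("10.0.0.51", "192.0.2.14", 6667, b"NICK alice\r\nUSER alice 0 * :Alice\r\n"),
]

def irc_commands(payload):
    """Yield (command, params) for each CRLF-terminated line of client payload."""
    for raw in payload.split(b"\r\n"):
        line = raw.decode("latin-1").strip()
        if not line:
            continue
        if line.startswith(":"):          # optional ":prefix " before the command
            _, _, line = line.partition(" ")
        command, _, params = line.partition(" ")
        yield command.upper(), params

def find_irc_sessions(flows, port=BACKDOOR_PORT):
    """Return src/dst pairs that completed IRC registration (NICK + USER) on `port`."""
    sessions = defaultdict(lambda: {"seen": set(), "nick": None, "channels": []})
    for src, dst, dport, payload in flows:
        if dport != port:
            continue
        s = sessions[(src, dst)]
        for command, params in irc_commands(payload):
            if command in ("NICK", "USER", "JOIN"):
                s["seen"].add(command)
            if command == "NICK":
                s["nick"] = params.split(" ")[0]
            elif command == "JOIN":
                s["channels"] += params.split(" ")[0].split(",")
    # HTTP or other traffic on the same port never sets NICK and USER, so it is dropped.
    return [
        {"src": src, "dst": dst, "nick": s["nick"], "channels": s["channels"]}
        for (src, dst), s in sorted(sessions.items())
        if {"NICK", "USER"} <= s["seen"]
    ]

if __name__ == "__main__":
    for hit in find_irc_sessions(SAMPLE_FLOWS):
        print(hit)
```

A hit on a workstation is a lead for host triage (the dropped ZIP and DLL and the registry changes described above), not proof of this particular worm.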