Discovered: May 10, 2005
Updated: February 13, 2007 12:38:44 PM
Also Known As: Hacktool.DCOMScan, Win32.Berkor.A [Computer Assoc, Net-Worm.Win32.Padobot.z [Kasp, Exploit-DcomRpc.gen [McAfee], W32/Doxpar-C [Sophos], WORM_KORGO.AG [Trend Micro]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
W32.Ifbo.A is a worm that spreads by exploiting he Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in
Microsoft Security Bulletin MS04-011) and disables security services.
Note: Virus definitions dated prior to May 11, 2005 may detect this threat as
Hacktool.DCOMScan.
Protection
-
Initial Rapid Release version May 11, 2005
-
Latest Rapid Release version September 18, 2007 revision 041
-
Initial Daily Certified version May 11, 2005
-
Latest Daily Certified version January 15, 2008 revision 017
-
Initial Weekly Certified release date May 11, 2005
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: 0 - 49
-
Number of Sites: 3 - 9
-
Geographical Distribution: Low
-
Threat Containment: Easy
-
Removal: Moderate
Damage
Distribution
-
Distribution Level: Medium
Writeup By: Fergal Ladley
