Discovered: January 6, 2006
Updated: February 13, 2007 12:50:29 PM
Also Known As: Win32/Seenbot.{FR, FU, FX} [Computer Associates], Backdoor.Win32.IRCBot.{ln, ny} [Kaspersky Lab], Backdoor.Win32.Pakes [Kaspersk, Trojan.Win32.Pakes [Kaspersky , W32/IRCbot.worm.gen [McAfee], W32/Opanki.worm [McAfee], W32/Sdbot.worm.gen.bh [McAfee], W32/Opanki-Y [Sophos], W32/Rbot-Fam [Sophos], BKDR_IRCBOT.CW [Trend Micro], WORM_OPANKI.{BF, BH} [Trend Micro]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
W32.Loxbot.D is a worm that opens a back door on the compromised computer allowing a remote attacker to issue various commands and spreads using AOL Instant Messenger. The worm also uses rootkit capabilities to hide its process in memory.
Protection
-
Initial Rapid Release version January 6, 2006
-
Latest Rapid Release version August 2, 2008 revision 020
-
Initial Daily Certified version January 6, 2006
-
Latest Daily Certified version August 2, 2008 revision 021
-
Initial Weekly Certified release date January 11, 2006
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: 0 - 49
-
Number of Sites: 0 - 2
-
Geographical Distribution: Low
-
Threat Containment: Easy
-
Removal: Moderate
Damage
Distribution
-
Distribution Level: Medium
Writeup By: Jeong Mun
