Discovered: June 27, 2003
Updated: February 13, 2007 12:03:00 PM
Also Known As: W32/Slanper.worm [McAfee], W32/Slanper-A [Sophos], Worm.Win32.Randex.d [KAV]
Type: Worm
Systems Affected: Windows 2000, Windows NT, Windows XP
W32.Randex.D is a network-aware worm that will copy itself to the following paths on computers with weak administrator passwords:
- \Admin$\system32\msmsgri32.exe
- \c$\winnt\system32\msmsgri32.exe
The worm will also drop a Backdoor Trojan detected as
Backdoor.Roxy, which will listen on the following TCP ports:
NOTE:
- The virus definitions dated prior to July 31, 2003 detect the dropped file as Backdoor.Trojan.
- The detection for W32.Randex.D was updated in virus definitions dated August 6, 2003 to account for the discovery of a minor variant. This file exhibited the same characteristics as previous samples.
Protection
-
Initial Rapid Release version June 28, 2003
-
Latest Rapid Release version August 20, 2008 revision 017
-
Initial Daily Certified version June 28, 2003
-
Latest Daily Certified version August 20, 2008 revision 016
-
Initial Weekly Certified release date June 28, 2003
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: 50 - 999
-
Number of Sites: More than 10
-
Geographical Distribution: Low
-
Threat Containment: Easy
-
Removal: Moderate
Damage
Distribution
-
Distribution Level: Medium
Writeup By: Douglas Knowles
