W32/Raleka.A, B and C
Destructivity:
• Detected by virus detection files published: 8/29/2003
• Virus characteristics first published: 8/29/2003
• Virus characteristics latest update: 2/23/2004
• Type: Worm
• Spreading mechanism: Network
• Overall risk: Low
• Payload: Compromises system security
• Alias:
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista
The Raleka family of worms spreads through the DCOM RPC exploit, the same method used by the W32/Blaster worms. So far, we know of three variants of this worm. They attempt to download and install a hacker tool called NtRootkit, a utility that hides itself and can hide other malicious processes. As a result, it may be difficult to find the malicious processes on infected machines. The worm attempts to download this utility either from a predefined web page (which is now down) or from the infected machine. The worm also attempts to connect to IRC servers and join a channel on them, where it announces its presence and can receive commands.