Wow, a busy little bugger isn't it? http://www.sophos.com/virusinfo/analyses/w32kidalaa.html
W32/Kidala-A is a mass-mailing worm and IRC backdoor Trojan for the Windows platform. W32/Kidala-A runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. W32/Kidala-A spreads to other network computers by: - via file sharing on P2P networks - copying itself to network shares protected by weak passwords - exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812), MSSQL (MS02-039) (CAN-2002-0649) and Realcast - sending itself to instant messenger contacts in MSN Messenger, Yahoo instant Messenger and AOL Instant Messenger. - to other network computers infected with: Troj/Kuang, Troj/Sub7, W32/Sasser, Troj/NetDevil and Troj/Optix W32/Kidala-A includes functionality to: - perform DDoS attacks - setup a SOCKS4 server - download code from the internet John T eServices For You "Seek, and ye shall find!" --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
