By GoldSparrow in Worms

Gaobot is a worm that spreads through several methods, such as open network shares, backdoors that the Beagle and Mydoom worms install, and the following Windows vulnerabilities:

DCOM RPC Vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.

Workstation Service Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445. Windows XP users are protected against this vulnerability if Microsoft Security Bulletin MS03-043 has been applied. Windows 2000 users must apply MS03-049.

Exploitation of Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).

The Gaobot worm maliciously attempts to block security programs on the user's PC. Gaobot can also attack other systems by acting as a backdoor server program.


6 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Sophos Mal/HckPk-A
Prevx1 Malware:Gaobot.B
Panda Suspicious file
Microsoft Trojan:Win32/SystemHijack.gen
eSafe suspicious Trojan/Worm
AntiVir TR/Crypt.ULPM.Gen


File System Details

Gaobot may create the following file(s):
# File Name MD5 Detections
1. explore.exe 0007deb0315ac62b81f3eb10d71166ba 0
