Virus Detail

Win32/Cuebot.K

Date Published:
14 Aug 2006

Last Updated:
21 Aug 2006

Threat Assessment

Overall Risk: Low

Wild: Low

Destructiveness: Medium

Pervasiveness: Medium

Characteristics

Type : Worm

Category : Win32

Also known as: CME-762, Win32.Cuebot.K, Win32/Cuebot.K!Worm, W32/Cuebot-M (Sophos), WORM_IRCBOT.JK (Trend), IRC-Mocbot!MS06-040 (McAfee), W32.Wargbot (Symantec), Backdoor.Win32.IRCBot.st (Kaspersky)

Immediate Protection Info

Signature	Product	Removal Instructions
30.3.3017	eTrust Antivirus v7/8*	View
23.72.96	eTrust Antivirus v7/8* (InoculateIT Engine)	View
6.x/9926	eTrust EZ Antivirus 6.x	View
7.x/2339	eTrust EZ Antivirus 7.x	View
12.6.2339	Vet 7	View
10.6x/9926	Vet Anti-Virus 10.6x	View

Tools

Signature file information

Scan for viruses

Submit a Virus Sample

Description

Win32/Cuebot.K is a worm that spreads by exploiting the Microsoft Windows Server service buffer overflow vulnerability. The worm can also be used as a backdoor that allows its remote controller unauthorized access to the affected machine. It has been distributed as a 9,374-byte Win32 executable.

In order to spread, the worm attempts to exploit the Microsoft Windows Server service buffer overflow vulnerability. For more information on this vulnerability, please visit:

http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34486
http://www.microsoft.com/technet/security/Bulletin/MS06-040.mspx

This malware is detected by eTrust Antivirus solutions. Please see above for the relevant signature updates.

This malware is being dissected by the CA Security Advisory Team.