This worm propagates via network shares. It attempts to drop copies of itself in available network shared folders. It uses its own list of user names and passwords to access password-protected shares. It also generates IP addresses to drop copies of itself in the default shares of target addresses.

In addition, this worm takes advantage of the Windows IIS/WebDAV vulnerability to propagate across networks. TREND MICRO - Security Information: WORM_AGOBOT.AXJ

Linked by shanmuga Friday, 14th October 2005 7:04AM