Signature Detail

Short Name	WORM:MOFEI:MOFEI-BACKDOOR2
Severity	High
Recommended	No
Recommended Action	Drop
Category	WORM
Keywords	mofei femot w32 worm microsoft backdoor smb netbios
Release Date	2003/08/20
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

WORM: Mofei Backdoor Attempt (2)

This signature detects the W32.Mofei worm attempting to report a backdoor. After infecting a host, the W32.Mofei worm attempts to contact one of three servers on the Internet to report a backdoor on the host. A successful attack can allow arbitrary code execution.

Extended Description

MoFei is a worm that infects Windows operating systems. It propagates through default Windows network shares.

References

URL: http://www.sophos.com/virusinfo/analyses/w32mofeib.html
URL: http://www.symantec.co.jp/avcenter/venc/data/w32.femot.d.worm.html
URL: http://www.f-secure.com/v-descs/mofei.shtml

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

WORM: Mofei Backdoor Attempt (2)

Extended Description

References