W32/Tpbot-A is a network worm with backdoor Trojan functionality for the Windows platform.
When run, W32/Tpbot-A copies itself to the Windows system folder as wintbp.exe and creates the following registry entry in order to run each time a user logs on:
W32/Tpbot-A spreads using a variety of techniques including the exploitation of operating system vulnerabilities such as LSASS (MS04-011) and PnP (MS05-039).
The backdoor component connects to an IRC server and joins a predetermined channel where it then awaits commands from attackers.
W32/Tpbot-A may attempt to download and execute additional files.