Aliases: Backdoor.Win32.Rbot.gl; W32/Sdbot.worm.gen.t; W32/Sdbot.DMV
W32/Forbot-EF is a worm which attempts to spread to remote network shares and computers vulnerable to common exploits. W32/Forbot-EF also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via the IRC network, while running in the background as a service process.
W32/Forbot-EF connects to a preconfigured IRC channel and awaits commands from a remote intruder. These include commands to steal information, delete network shares, reduce system security, start a proxy server, participate in DDoS attacks, exploit vulnerabilities, steal registration keys for computer games and harvest email addresses from the Windows address book and Instant Messenger configuration files.
W32/Rbot-WB is a worm with backdoor Trojan functionality.
After receiving the appropriate backdoor command, W32/Rbot-WB is capable of spreading to computers on the local network that are protected by weak passwords.
W32/Rbot-WB may also spread by exploiting the following vulnerabilities:
Microsoft SQL servers with weak passwords.