W32/Sdbot-AYF is a network worm with backdoor Trojan functionality for the Windows platform.
The worm spreads through network shares protected by weak passwords, through MS-SQL servers, and by exploiting various operating system vulnerabilities.
W32/Sdbot-AYF connects to a predetermined IRC channel and awaits further commands from remote users.
Patches for the vulnerabilities exploited by W32/Sdbot-AYF can be obtained from Microsoft at:
Troj/BagleDl-R is a downloader Trojan which downloads, installs and runs new software without notifying the user.
Troj/BagleDl-R includes functionality to:
- inject its code into EXPLORER.EXE
- modify the HOSTS file
- disable other software, including anti-virus, firewall and security-related applications
Troj/BagleDl-R then attempts to download files from remote websites and run them.
Troj/BagleDl-R may also run MSPAINT.EXE in an attempt to obfuscate itself.
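
A defender can check for the HOSTS file modification listed above by auditing the file for unexpected mappings. The following is an added example, not part of the original description or of any vendor tool. The description does not say which entries the Trojan writes, so the check assumes the usual tampering patterns: hostnames pointed at a loopback or unspecified address, or at an unexpected IP. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Names a stock HOSTS file may legitimately map to loopback (assumption).
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample input: not taken from a real infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example    # constructed entry
0.0.0.0         www.av-vendor.example download.av-vendor.example
203.0.113.7     bank.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid mapping; skipped
        for name in fields[1:]:                  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return (line_no, hostname, ip, reason) for each non-default mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN_NAMES and ip.is_loopback:
            continue                             # expected default entry
        # Loopback/unspecified targets cut the host off from that name;
        # any other address silently redirects it.
        sinkhole = ip.is_loopback or ip.is_unspecified
        findings.append((line_no, name, str(ip),
                         "sinkholed" if sinkhole else "redirected"))
    return findings

if __name__ == "__main__":
    # On a live system, read %SystemRoot%\System32\drivers\etc\hosts instead.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Any finding is a prompt to review the entry against what administrators deliberately configured, since some sites add HOSTS entries on purpose.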