Aliases
Backdoor.IRCBot.gen, W32/Sdbot.worm.gen
Type
Win32 worm
Description
W32/SdBot-AD is a worm with backdoor functionalities which allows unauthorised access and control of the computer from IRC channels.
Upon execution, W32/SdBot-AD drops two copies of itself to the Windows System folder as cmst32.exe and spoolserv.exe. The worm also drops the following files to the same folder:
pctime32.bat, detected as W32/SdBot-AD
runtime.bat, detected as W32/SdBot-AD
svhost32.exe, PSEXEC, a legitimate networking utility
smshost.exe - Troj/Saye-A which is infected by W32/Parite-B
In order to run automatically when Windows starts up the worm adds the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft DirectX
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Microsoft DirectX
The worm attempts to copy itself to the Windows system folder on weakly protected network shares and executes the dropped worm copy.
http://www.sophos.com/virusinfo/analyses/w32sdbotad.html

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic