W32/Sdbot-AE is a worm that spreads on unpatched Windows systems by exploiting the RPC/DCOM vulnerability. The worm also has a backdoor component that allows a remote attacker access to a compromised system via the IRC network.
In order to run automatically when Windows starts up W32/Sdbot-AE creates the following registry entries pointing to the worm binary:
The spreading routine of the worm is activated remotely via the IRC control channel.
Pint-size luxury and funky style
Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.