Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Sdbot-AE

Feb 16, 2004 12:44AM PST

Aliases
Exploit-DcomRpc.gen, BKDR_SDBOT.GEN

Type
Win32 worm

Description
W32/Sdbot-AE is a worm that spreads on unpatched Windows systems by exploiting the RPC/DCOM vulnerability. The worm also has a backdoor component that allows a remote attacker access to a compromised system via the IRC network.
In order to run automatically when Windows starts up W32/Sdbot-AE creates the following registry entries pointing to the worm binary:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service
HKU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service

The spreading routine of the worm is activated remotely via the IRC control channel.

http://www.sophos.com/virusinfo/analyses/w32sdbotae.html

Discussion is locked