Aliases
Backdoor.IRCBot.gen, W32/Randbot.worm
Type
Win32 worm
Description
W32/SdBot-BB is a worm which attempts to spread to ADMIN$ and C$ network shares and allows unauthorised remote access to a computer via IRC channels while running in the background as a service process.
On execution W32/SdBot-BB attempts to copy itself to the available ADMIN$ and C$ network shares with the filename GT.exe in the Windows system32 folder.
The worm copies itself to the Windows system32 folder as toker.exe and adds to the following registry entries to run itself on system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\
Run\Registration Service
HKLM\Software\Microsoft\Windows\CurrentVersion\
RunServices\Registration Service
http://www.sophos.com/virusinfo/analyses/w32sdbotbb.html

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic