W32/Sdbot-I

Nov 28, 2003 12:34AM PST

Aliases
WORM_SDBOT.D

Type
Win32 worm

Description
W32/Sdbot-I is a worm that spreads via network shares and has backdoor capabilities.
Upon execution, W32/Sdbot-I attempts to spread to network shares with weak usernames and passwords belonging to computers from a list of randomly generated IP addresses.

In order to run automatically when Windows starts up, the worm copies itself to the Windows system folder as service.exe and adds the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Services
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Windows Services
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Windows Services

W32/Sdbot-I then connects to an IRC server and joins a particular channel, providing unauthorised access and control of the computer from an IRC channel.


http://www.sophos.com/virusinfo/analyses/w32sdboti.html
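
An added example, not part of the original post or of the Sophos analysis: a Python check that scans the text of a registry export (.reg format) for the "Windows Services" autostart value under the three keys listed above. The sample export and its value data are constructed; the post gives only the key paths, the value name and the file name service.exe.

```python
import re

# Indicators taken from the post: three HKLM autostart keys, the value name
# "Windows Services", and the dropped file name service.exe.
BASE = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
WATCHED_KEYS = {f"{BASE}\\{k}".lower() for k in ("Run", "RunOnce", "RunServices")}
VALUE_NAME = "windows services"
DROPPED_FILE_RE = re.compile(r'(?:^|[\\/"])service\.exe\b', re.IGNORECASE)

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

def unescape(text):
    """Undo .reg escaping (backslash before a backslash or a double quote)."""
    return re.sub(r"\\(.)", r"\1", text)

def find_autostart_entries(reg_text):
    """Return (key, data, names_service_exe) for each matching string value."""
    findings, current_key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        value_match = VALUE_RE.match(line)
        # Registry key and value names are case-insensitive.
        if not value_match or (current_key or "").lower() not in WATCHED_KEYS:
            continue
        if unescape(value_match.group("name")).lower() != VALUE_NAME:
            continue
        data = unescape(value_match.group("data"))
        findings.append((current_key, data, bool(DROPPED_FILE_RE.search(data))))
    return findings

# Constructed sample export; the value data shown is an assumption.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Services"="service.exe"
"VendorUpdater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Services"="C:\\WINDOWS\\system32\\service.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows Services"="C:\\Temp\\other.exe"
'''

if __name__ == "__main__":
    for key, data, names_file in find_autostart_entries(SAMPLE_EXPORT):
        print(f"{key}: {data!r} (references service.exe: {names_file})")
```

Files written by `reg export` are UTF-16 encoded, so decode them accordingly before passing the text to `find_autostart_entries`. A hit on the value name is reported even when the data does not reference service.exe, with the third field set to `False`.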
