Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/SdBot-MY

Mar 11, 2004 12:27AM PST

Aliases
Backdoor.IRCBot.gen

Type
Win32 worm

Description
W32/SdBot-MY is a worm which spreads via network shares.
When first run the worm creates a copy of itself named MSIExxx.exe in the Windows system folder and adds the following registry entries to ensure that the copy is run every time Windows starts:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Threaded
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Threaded

W32/SdBot-MY searches for shared folders with weak passwords and copies itself to the Windows system folder of a vulnerable computer as MSIExxx.exe.

The worm includes backdoor functions which can be controlled by a remote attacker over IRC.

http://www.sophos.com/virusinfo/analyses/w32sdbotmy.html

Discussion is locked