Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

WORM_SDBOT.AZ

Dec 6, 2003 10:33AM PST

Virus type: Worm

Destructive: No

Aliases: Backdoor.SDBot.Gen, Backdoor/SdBot.Server, IRC/BackDoor.SdBot.VW

Description:

This worm drops a copy of itself using the file name, WUPDATED.EXE, in the Windows system folder. It then modifies the Windows registry so that it is executed at every system startup.

It spreads through the network by dropping copies of itself in shared drives with read/write access. It either establishes a connection to the IPC$ share, or it uses its own list of user names and passwords to log on to the system. It also propagates via the Internet, specifically through chat programs, by sending a copy of itself to all contacts found.

This malware also carries a backdoor routine. It has a built in IRC (Internet Relay Chat) client engine, which enables it to connect to an IRC channel and await commands from a remote user.

It runs on Windows NT, 2000 and XP.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AZ

Discussion is locked