Virus type: Worm
Destructive: No
Description:
This worm propagates via network shares. It drops copies of itself on shares that have full access rights, while on those that have restricted access rights, it attempts to force its way into the system using a list of user names and passwords.
It also has backdoor functionalities. It has a built-in Internet Relay Chat (IRC) client engine which enables it to connect to an IRC channel, where it waits for commands from a remote user.
These commands can do the following:
Send the following information about the infected system:
CPU speed
Size of memory
Windows platform, build version and product ID
Malware uptime
Currently logged on user
Disable network shares
Terminate the malware
Resolve IP or host name by DNS
Retrieve malware status
Execute a .EXE file
Open a file
Flush DNS cache
Disable DCOM
Disconnect/Reconnect from IRC server
Change IRC server
Join a channel
Leave a channel
Send a private message through IRC
Update the malware through HTTP or FTP
Download and execute a file from an HTTP or FTP server
Reboot computer
Shut down computer
Log off current user
List all running processes
Kill a process
This worm steals CD keys of several software.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.JC
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
General discussion
WORM_SDBOT.JC
Discussion is locked
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic