Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

WORM_SDBOT.K

Feb 2, 2004 12:04AM PST

Virus type: Worm

Destructive: No

Aliases: Sdbot.K

This worm exploits certain vulnerabilities to propagate across network shares. It takes advantage of the following Windows vulnerabilities:

Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
IIS5/WEBDAV Buffer Overflow vulnerability
RPC Locator vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:

Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-007
It forces its way into the system by logging in using a short list of user names and passwords.

This worm also has backdoor capabilties. It connects to an mIRC host, and then to a certain channel where it listens for commands coming from a remote user. It also has the capacity to launch flood attacks against a target site.

This malware runs on Windows NT, 2000 and XP.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.K

Discussion is locked