Malware type: Worm

Aliases: Backdoor.Win32.SdBot.awk (Kaspersky), W32/Sdbot.worm.gen.h (McAfee), W32.Spybot.Worm (Symantec), TR/Downloader.Gen (Avira), W32/Rbot-BJV (Sophos), Backdoor:Win32/Rbot (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Description: 
This memory-resident worm is another variant of the RBOT family that exploits the vulnerability discussed in the following page:

Microsoft Security Bulletin MS04-011

This worm propagates through network shares, and drops a copy of itself as WVSVC.EXE in the Windows system folder. It uses a list of user names and passwords to gain access to shared folders.

It acts as a server program controlled by an Internet Relay Chat (IRC) bot, thus capable of certain backdoor activities. It is also capable of performing denial of service (DoS) attacks.

It runs on Windows 95, 98, ME, NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details
Statistics

Description created: Oct. 20, 2004 3:23:34 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.