BKDR_SDBOT.GEN
Overview

Malware type: Backdoor

Aliases: Backdoor.Win32.IRCBot.gen (Kaspersky), W32.Randex.gen (Symantec), Worm/SdBot.67072.47 (Avira), W32/Sdbot-Fam (Sophos)

In the wild: No

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: Yes

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: Low

Description: 

This backdoor connects to a specific Internet Relay Chat (IRC) server and joins a particular IRC channel, where it waits for commands from a remote malicious user. Once these commands are processed on an infected system, the malicious user can perform any or all of the following activities:

  • Capture screen
  • Clone bot (the malware itself)
  • Delete files
  • Download a file
  • Download file via FTP
  • Execute a file
  • Gather the following information and retrieve it via email:
    • CPU speed
    • Total memory size
    • Free memory size
    • Windows platform
    • Time connected
    • Current user
    • Connection type
    • IP address
  • Join another IRC server using a given nick
  • List processes
  • List shares on a system
  • Log machine information
  • Perform SYN and ICMP floods
  • Retrieve network information
  • Send TCP and UDP packets
  • Start keylogging
  • Update itself
  • Visit a particular Web site

Description created: Jun. 4, 2005 12:22:02 PM GMT -0800
