WORM_SDBOT.BCE - Description and solution

WORM_SDBOT.BCE

Overview

Solution

Technical Details

Malware type: Worm

Aliases: W32/Sdbot.worm.gen (McAfee), Backdoor.Sdbot (Symantec), Worm/SdBot.35328 (Avira), W32/Sdbot-Fam (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		High
Distribution potential:		High

Description:

This memory-resident worm propagates via AOL Instant Messenger (AIM) by sending a copy of itself as the file BESTFRIENDS.SCR. When executed, it drops a copy of itself in the Windows system folder as the file LSVHOSTS.EXE.

It also has backdoor capabilities. It acts as an Internet Relay Chat (IRC) bot, which grants a malicious user remote access over the affected machine and perform certain commands.

For additional information about this threat, see:
Solution
Technical Details

Description created: Feb. 6, 2005 4:42:21 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.