WORM_SDBOT.BGB
Overview

Malware type: Worm

Aliases: Backdoor.Win32.SdBot.yu (Kaspersky), W32/Sdbot.worm.gen (McAfee), W32.Randex (Symantec), Worm/SdBot.35117 (Avira), W32/Sdbot-Fam (Sophos), Backdoor:Win32/Sdbot (Microsoft)

In the wild: No

Destructive: No

Language: English

Platform: Windows 95, 98, 2000, NT, ME, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

High

Description: 

Upon execution, this worm drops a copy of itself as YUJIXIT.EXE in the Windows system folder.

It generates IP addresses and spreads by attempting to drop a copy of itself in the default shares of the target addresses.

This worm also uses a hardcoded list of passwords to gain access to shares with limited access rights.

It also connects to an Internet Relay Chat (IRC) server and joins a specific channel, where it listens for certain commands from a remote malicious user, giving that user virtual control over the affected system.


Description created: Jun. 12, 2005 11:01:03 AM GMT -0800
