Malware type: Worm

Aliases: Backdoor.Win32.Rbot.rf (Kaspersky), W32/Sdbot.worm.gen (McAfee), W32.IRCBot (Symantec), Worm/IrcBot.36069 (Avira), W32/Sdbot-Fam (Sophos),

In the wild: No

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Description: 

This worm spreads by dropping copies of itself into accessible network shares. If a share is inaccessible, it uses a list of user names and passwords for its login credentials.

This worm has backdoor capabilities, which enable it to connect to an Internet Relay Chat (IRC) server. Once a connection is established, it joins a specific IRC channel, where it listens for commands coming from a remote malicious user.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun. 19, 2005 2:54:22 AM GMT -0800
Description updated: Jun. 19, 2005 2:55:20 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.