Malware type: Worm

Aliases: Backdoor.Win32.IRCBot.ck (Kaspersky), W32/Sdbot.worm (McAfee), W32.IRCBot (Symantec), BDS/Sdbot.Q.Plus (Avira), W32/Sdbot-Fam (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Description: 

This worm spreads via network shares. It generates IP addresses and then attempts to drop a copy of itself in certain default shares of a target address. It may also use its own hardcoded list of passwords in order to gain access to shares with limited access rights.

This worm also has backdoor capabilities. It connects to an Internet Relay Chat (IRC) server and channel, where it listens for commands coming from a remote malicious user. It then executes these commands on the local machine, thus providing the remote user virtual control over the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun. 22, 2005 7:32:50 PM GMT -0800
Description updated: Jun. 29, 2005 2:21:25 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.