TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_SDBOT.BOO
Overview
Solution

Malware type: Worm

Aliases: Backdoor.Win32.ForBot.x (Kaspersky), W32/Sdbot.worm.gen.bj (McAfee), W32.IRCBot (Symantec), BDS/ForBot.X (Avira), W32/Sdbot-Fam (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This worm generates IP addresses and spreads by attempting to drop a copy of itself in target addresses' default shares. If the said shares are password-protected, it uses gathered lists of user names and passwords as well as a hardcoded list of user names and passwords as its login credentials to gain access.

Using a random port, it connects to an Internet Relay Chat (IRC) server and joins a specific channel, where it listens for commands from a remote malicious user. The said commands are executed locally on affected machines.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jul. 4, 2005 7:24:16 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.