TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_SDBOT.BRO
Overview
Solution

Malware type: Worm

Aliases: Backdoor.Win32.SdBot.xr (Kaspersky), W32/Sdbot.worm.gen.as (McAfee), Backdoor.Trojan (Symantec), TR/Crypt.XPACK.Gen (Avira), W32/Rbot-Fam (Sophos),

In the wild: No

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This memory-resident worm propagates across networks by dropping a copy of itself into accessible network shares.

Upon execution, it drops a copy of itself in the Windows system folder as the file SECCTR.EXE. It then creates registry entries that enable its automatic execution at every system startup.

This malware exploits Windows LSASS vulnerability to propagate across networks. For more information about the said Windows vulnerability, please refer to the following Microsoft Web page:

This worm has backdoor capabilities. It connects to an Internet Relay Chat (IRC) server and joins a specific channel where it listens for commands from a remote malicious user.

For additional information about this threat, see:
Solution
Technical Details

Description created: Apr. 27, 2005 8:35:53 AM GMT -0800
Description updated: Apr. 27, 2005 8:36:15 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.