TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_SDBOT.EXT
Overview
Solution

Malware type: Worm

Aliases: Backdoor.Win32.DsBot.hv (Kaspersky), W32/Checkout!91d0b88a (McAfee), W32.Spybot.Worm (Symantec), Worm/SdBot.41984.42 (Avira), W32/Imagine-A (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 Medium

Infection Channel 1 : Propagates via instant messaging applications

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

WORM_SDBOT.EXT Behavior Diagram

Malware Overview

This worm may arrive bundled with malware packages as a malware component. It may be downloaded unknowingly by a user when visiting malicious Web sites.

It drops copies of itself.

It sends a .ZIP file containing a copy of itself via MSN Messenger, a popular instant messaging application.

It connects to IRC servers. It joins IRC channels. It executes commands from a remote malicious user. The said routine compromises system security.

For additional information about this threat, see:
Solution
Technical Details

Description created: Aug. 8, 2007 6:14:27 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.