Malware type: Worm

Aliases: Backdoor.Win32.SdBot.ly (Kaspersky), W32/Sdbot.worm.gen.n (McAfee), W32.Randex.gen (Symantec), Worm/SdBot.73216 (Avira), Mal/IRCBot-B (Sophos), Backdoor:Win32/Sdbot (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP

Encrypted: No

Description: 

This memory-resident worm propagates via network shares. It scans the network for weak passwords and attempts to drop a copy of itself to target machines within the network. It accesses these network shares by using a list of weak user names and passwords.

It has backdoor capabilities, which enables this malware to connect to a normal mIRC port. When a connection has been established, it waits for commands from a remote malicious, which this worm performs to compromise a system.

It also has the ability to steal CD keys of popular game applications.

This worm has keylogging capabilities that enable it to monitor user keystrokes.

It allows remote malicious users to launch flood attacks from infected machines against target sites.

It runs on Windows NT, 2000 and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Apr. 10, 2004 5:21:51 AM GMT -0800
Description updated: Dec. 4, 2004 7:25:54 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.