TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_SDBOT.ZZH
Overview
Solution

Malware type: Worm

Aliases: W32/Sdbot.worm.gen.bj (McAfee), W32.IRCBot (Symantec), Worm/SdBot.38912.13 (Avira), W32/Sdbot-Fam (Sophos),

In the wild: No

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

Upon execution, this memory-resident worm drops a copy of itself in the Windows system folder as YUJIXIT.EXE. It then creates registry entries to enable its automatic execution at every system startup.

It propagates across networks by dropping a copy of itself into accessible network shares. If a share is not readily accessible, it uses a list of user names and passwords to log on to the target share.

This worm also has backdoor capabilities. It opens random ports, allowing a remote user to access and perform malicious commands on an affected machine. The said routine provides remote users virtual control over affected systems, thus compromising system security.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jul. 17, 2005 7:39:13 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.