Malware type: Worm

Aliases: Backdoor.Win32.SdBot.ti (Kaspersky), W32/Sdbot.worm.gen.t (McAfee), W32.IRCBot.Gen (Symantec), Worm/SdBot.68033 (Avira), Backdoor:Win32/Sdbot (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Description: 

This worm uses a list of weak user names and passwords to access network shares.

This worm also logs keystrokes and saves them in the file NTFSDI.TXT in the Windows systems folder. It also steals the CD keys of popular game applications.

This worm also has backdoor capabilities. It connects to an Internet Relay Chat (IRC) server, where it allows a malicious user to perform certain commands.

It also deletes the following shared folders:

• ADMIN$
• C$
• D$
• IPC$

It runs on Windows 95, 98, ME, NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Oct. 1, 2004 4:26:50 AM GMT -0800
Description updated: Oct. 1, 2004 4:28:43 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.