Troj/Sdbot-QO is an IRC backdoor Trojan for the Windows platform.
When first run, the Trojan copies itself as MediaPIayer.exe to the Windows system folder. To run on system start, Troj/Sdbot-QO creates the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Windows Media Player = MediaPIayer.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows Media Player = MediaPIayer.exe
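A check for these autostart entries, as an added example that is not part of the original description: it matches the two registry entries above and also flags the file name's look-alike spelling (this page prints it with a capital I where an l would be expected). The watchlist, the confusable-character map and the sample entries are assumptions constructed for illustration.

```python
import re

# Indicators from this page, lower-cased: Windows treats key, value and file
# names case-insensitively, so the comparison must too.
IOC_KEYS = {
    r"hklm\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\runservices",
}
IOC_VALUE = "windows media player"
IOC_FILE = "mediapiayer.exe"

# Assumption: file names a responder wants to protect from look-alike spellings.
WATCHLIST = ["mediaplayer.exe", "explorer.exe", "svchost.exe"]
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})
EXE = re.compile(r'([^\\/"\s]+\.exe)', re.IGNORECASE)

def skeleton(name):
    """Lower-case a name and collapse characters that look alike on screen."""
    return name.lower().translate(CONFUSABLE)

def check_entry(key, value, data):
    """Return the reasons (possibly none) an autostart entry is suspicious."""
    match = EXE.search(data)
    if not match:
        return []
    exe = match.group(1).lower()
    reasons = []
    if key.lower() in IOC_KEYS and value.lower() == IOC_VALUE and exe == IOC_FILE:
        reasons.append("matches Troj/Sdbot-QO autostart entry")
    for good in WATCHLIST:
        if exe != good and skeleton(exe) == skeleton(good):
            reasons.append(f"look-alike of {good}")
    return reasons

def scan(entries):
    """Map (key, value) to reasons for every entry that raised at least one."""
    return {(k, v): r for k, v, d in entries if (r := check_entry(k, v, d))}

RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed sample entries (key, value name, data); not real host data.
SAMPLE = [
    (RUN, "Windows Media Player", "MediaPIayer.exe"),
    (RUN + "Services", "Windows Media Player", "MediaPIayer.exe"),
    (RUN, "Shell", r'"C:\Users\Public\expl0rer.exe" /s'),
    (RUN, "Explorer", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for entry, reasons in scan(SAMPLE).items():
        print(entry, reasons)
```

The entries would normally come from a registry export or an autoruns listing; the look-alike check is a heuristic and only covers names placed on the watchlist.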
The Trojan joins an IRC channel and awaits further commands from a remote user. The Trojan can be instructed to perform the following tasks:
report system information (filesystem, hardware specifications, processes)
take part in Distributed Denial of Service attacks
visit specified URLs
download and execute arbitrary files
start a proxy server