Troj/Sdbot-SA is an IRC backdoor Trojan with spreading capability.
Troj/Sdbot-SA copies itself into the Windows system folder as m41n.exe and sets the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Messenger Explorer = m41n.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Messenger Explorer = m41n.exe
Troj/Sdbot-SA logs onto a predefined IRC server and waits for backdoor commands. The spreading functionality of the Trojan can be activated by a backdoor command. When activated, the Trojan will attempt to copy itself into shares.
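
A read-only host check for the persistence artefacts listed above, added here as an example and not part of the original description. The function names are hypothetical, and checking SysWOW64 in addition to the system folder is an assumption to cover 32-bit redirection on 64-bit Windows.

```powershell
# Indicators taken from the description: value name, file name, and the two keys.
$ValueName = 'Messenger Explorer'
$FileName  = 'm41n.exe'
$RunKeys   = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

function Find-SdbotSaAutorun {
    # Report the autorun value if present; flag whether its data names m41n.exe.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # RunServices is often absent
        $p = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -eq $p) { continue }
        $data = [string]$p.$ValueName
        [pscustomobject]@{
            Type    = 'RegistryValue'
            Path    = "$key\$ValueName"
            Detail  = $data
            Matches = ($data -like "*$FileName*")
        }
    }
}

function Find-SdbotSaFile {
    # Look for the dropped copy in the system folder (and SysWOW64, an assumption).
    $dirs = @([Environment]::SystemDirectory, (Join-Path $env:SystemRoot 'SysWOW64')) |
        Select-Object -Unique
    foreach ($dir in $dirs) {
        $path = Join-Path $dir $FileName
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            [pscustomobject]@{
                Type    = 'File'
                Path    = $path
                Detail  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                Matches = $true
            }
        }
    }
}

$findings = @(Find-SdbotSaAutorun) + @(Find-SdbotSaFile)
if ($findings.Count -eq 0) {
    'No Troj/Sdbot-SA persistence artefacts from the description were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A registry hit where Matches is false means the value name exists but points at a different file, which still warrants a closer look before removal.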