W32/Rbot-BD is a member of the W32/Rbot family of worms with backdoor
capabilities.
In order to run automatically when Windows starts up the worm copies itself
to the file systemse.exe in the Windows system folder and adds the following
registry entries pointing to this file:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Machine=systemse.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Microsoft Update Machine=systemse.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Machine=systemse.exe.
When run the worm attempts to connect to a remote IRC server. This connection
is used as a control channel that allows a malicious user access to the infected computer.