W32/Sdbot-ACC is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-ACC runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
When first run W32/Sdbot-ACC copies itself to <System>\netsender.exe.
The following registry entries are created to run netsender.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Messenger Protocol
netsender.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Messenger Protocol
netsender.exe
Sophos's anti-virus products include Genotype™ detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against W32/Sdbot-ACC (detected as W32/Sdbot-Fam) since version 3.80.