W32/Sdbot-EB is a worm and backdoor for the Windows platform.
W32/Sdbot-EB allows a malicious user remote access to an infected
computer via IRC.
In order to run automatically when Windows starts up copies itself to smsc.exe
in the Windows system folder and creates the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32 USB2 Driver
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Win32 USB2 Driver
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32 USB2 Driver
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Win32 USB2 Driver
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Win32 USB2 Driver
The worm also regsiters smsc.exe as a service named Win32 USB2 Driver.
W32/Sdbot-EB spreads to other computers by exploiting the LSASS
vulnerability and backdoors opened by the Troj/Optix family of Trojans.