W32/SdBot-KY is a worm with an IRC backdoor.
In order to run automatically when Windows starts up the worm copies
itself to the file wumgrd.exe in the Windows system folder and adds the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Update = "wumgrd.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Microsoft Update = "wumgrd.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
Microsoft Update = "wumgrd.exe"
The worm attempts top copy itself to the Windows system folder on weakly protected network shares.
W32/SdBot-KY has a backdoor component that allows a malicious user to
remotely control an infected system