W32/Sdbot-OU

Category:	Viruses and Spyware
Type:	Win32 worm
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Summary
More information

W32/Sdbot-OU is a network worm and backdoor Trojan. The worm spreads by copying itself to network shares that have weak passwords.

W32/Sdbot-OU creates a copy of itself named MAJDE.EXE in the Windows system folder and adds the following registry entries to ensure that the copy is run each time the computer restarts:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
ValuSet = MaJde.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
ValuSet = MaJde.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
ValuSet = MaJde.exe

The backdoor component of the worm attempts to connect to an IRC server and awaits commands from a remote attacker.

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

W32/Sdbot-OU

Free Mac Anti-Virus

Popular topics