W32/Sdbot-OW is a worm that attempts to spread via remote network shares. The worm tries to access various network computers with shared folders using weak passwords.
W32/Sdbot-OW contains backdoor Trojan functions that allow unauthorised remote access to the infected computer via IRC channels while running in the background.
When run, W32/Sdbot-OW copies itself to the Windows system folder as isng.exe.
The worm also creates the following registry entries so that it is able to run on user logon or computer startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Regional Value = isng.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Regional Value = isng.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Regional Value = isng.exe
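
A read-only PowerShell check for the artefacts listed above, added here as an example and not part of the original description. The WOW6432Node keys and the SysWOW64 folder are assumptions covering 64-bit Windows, where a 32-bit process is redirected to those locations.

```powershell
# Added example: look for the W32/Sdbot-OW persistence artefacts on this host.
# Nothing is modified; run elevated so the HKLM keys are readable.
$valueName = 'Regional Value'   # autorun value name from the description
$fileName  = 'isng.exe'         # dropped file name from the description

# The first three keys are the ones named in the description.
# The WOW6432Node keys are an assumption (32-bit view on 64-bit Windows).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$hits = New-Object System.Collections.ArrayList

foreach ($key in $runKeys) {
    $regKey = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if ($null -eq $regKey) { continue }          # key absent on this system
    foreach ($name in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($name)
        # Flag on either indicator: the value name or the file name in the data.
        if ($name -eq $valueName -or $data -like "*$fileName*") {
            [void]$hits.Add([pscustomobject]@{
                Type = 'Registry'; Location = $key; Name = $name; Data = $data })
        }
    }
}

# Windows system folder, plus SysWOW64 (assumption, see above).
$dirs = @([Environment]::SystemDirectory,
          (Join-Path $env:SystemRoot 'SysWOW64')) | Select-Object -Unique
foreach ($dir in $dirs) {
    $path = Join-Path $dir $fileName
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force   # -Force: include hidden files
        [void]$hits.Add([pscustomobject]@{
            Type = 'File'; Location = $path; Name = $fileName
            Data = "$($item.Length) bytes, modified $($item.LastWriteTime)" })
    }
}

if ($hits.Count -eq 0) { 'No W32/Sdbot-OW artefacts found.' }
else { $hits | Format-Table -AutoSize -Wrap }
```

The HKCU key is per-user, so the check only covers the account it runs under; repeat it for each profile on a shared machine.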