W32/Sdbot-SP is a network worm with a backdoor component. The worm spreads by copying itself to network shares that have weak passwords.
W32/Sdbot-SP copies itself to MYLCUKY.EXE in the Windows system folder and adds the following registry entries to ensure that the copy is run each time Windows starts:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Lucky charms CD
mylcuky.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Lucky charms CD
mylcuky.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Lucky charms CD
mylcuky.exe
Sophos's anti-virus products include proactive protection technology, which can defend against new threats without requiring an update. Sophos customers have been protected against W32/Sdbot-SP (detected as W32/Sdbot-Fam) since version 3.89.