W32/Sdbot-UP is an IRC backdoor Trojan and network worm.
W32/Sdbot-UP attempts tp spread to remote network shares protected by weak passwords and computers vulnerable to common exploits.
W32/Sdbot-UP opens up a backdoor, allowing unauthorised remote access to the infected computer via the IRC network, while running in the background as a service process.
W32/Sdbot-UP can receive commands from a remote attacker which include instructions to terminate processes and participate in DDoS attacks.
W32/Sdbot-UP copies itself to the Windows system folder and creates the following registry entries in order to run itself automatically on computer login:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Mozilla Firefox =
F1REF0X.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Mozilla Firefox =
F1REF0X.EXE