W32/Sdbot-VL is a worm with backdoor functionality.
W32/Sdbot-VL may spread to remote network shares with weak passwords.
W32/Sdbot-VL connects to a predetermined IRC channel and runs in the background listening for backdoor commands.
W32/Sdbot-VL contains functionality to participate in denial of service attacks and download and run further code.
W32/Sdbot-VL may spread as an archive file that also drops the proxy Trojan Troj/Ranck-CC.
W32/Sdbot-VL is a worm with backdoor functionality.
W32/Sdbot-VL may spread to remote network shares with weak passwords.
W32/Sdbot-VL connects to a predetermined IRC channel and runs in the background listening for backdoor commands.
W32/Sdbot-VL contains functionality to participate in denial of service attacks and download and run further code.
W32/Sdbot-VL may spread as an archive file KERENEBO.EXE, which also drops the proxy Trojan Troj/Ranck-CC.
W32/Sdbot-VL copies itself to the Windows system folder as UWANAH.EXE and creates the following registry entries in order to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
uwanah
uwanah.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
uwanah
uwanah.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
uwanah
uwanah.exe