W32/Sdbot-DP is a worm and backdoor for the Windows platform.
W32/Sdbot-DP allows a malicious user remote access to an infected computer
via IRC.
In order to run automatically when Windows starts up W32/Sdbot-DP creates
the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32 USB2 Driver
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Win32 USB2 Driver
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32 USB2 Driver
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Win32 USB2 Driver
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Win32 USB2 Driver
The worm also regsiters smsc.exe as a service named Win32 USB2 Driver.
W32/Sdbot-DP spreads to other computers by exploiting the LSASS
vulnerability and a backdoor opened by the Troj/Optix family of Trojans.