Sophos

W32/Sdbot-OV

Aliases
  • Backdoor.Win32.SdBot.ry
  • W32/Sdbot.worm.gen.h
  • WORM_RANDEX.L
Category
Type
What to do
Prevalence low high

Summary

 
How it spreads
  • Network shares
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
Protection available since 7 September 2004 22:32:41 (GMT)
Detected by All Sophos products
Download Free virus scan
Download the Threat Detection Test
  • Free virus, spyware, and adware scan
  • Test your existing anti-virus protection
  • Find threats your anti-virus missed

Action

More Information

W32/Sdbot-OV is a worm for the Windows platform. The worm includes some backdoor functionality.

W32/Sdbot-OV spreads to shared folders on the local network. W32/Sdbot-OV is a worm for the Windows platform. The worm includes some backdoor functionality.
W32/Sdbot-OV spreads to shared folders on the local network.

When run the worm copies itself to usb32.exe in the Windows system folder and adds the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Win32 Usb Driver = "usb32.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
Win32 Usb Driver = "usb32.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Win32 Usb Driver = "usb32.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Win32 Usb Driver = "usb32.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Win32 Usb Driver = "usb32.exe"

W32/Sdbot-OV allows unauthorised access to the infected computer via IRC.
The backdoor function include distributed denial of service attacks, operating as a proxy server and stealing informatin relating to some popular games.

RSS|Atom
Get reports about the latest virus and spyware threats delivered to your computer