high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Protection available since | 25 January 2005 13:37:32 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
Please read the instructions for removing W32/Sdbot-TW.
More Information
W32/Sdbot-TW is a network worm with backdoor functionality.
W32/Sdbot-TW attempts to spread to network shares with weak passwords. The worm also connects to an IRC server and runs in the background listening for backdoor commands from a remote attacker.
The backdoor functionality of the worm includes being able to download and run code and participate in DDoS attacks. W32/Sdbot-TW is a network worm with backdoor functionality.
W32/Sdbot-TW attempts to spread to network shares with weak passwords. The worm also connects to an IRC server and runs in the background listening for backdoor commands from a remote attacker.
The backdoor functionality of the worm includes being able to download and run code and participate in DDoS attacks.
When first run the worm copies itself to the Windows system folder as IEXPLORE.EXE and creates the following registry entries in order to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Internet Explorer Configuration
IEXPLORE.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Internet Explorer Configuration
IEXPLORE.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Internet Explorer Configuration
IEXPLORE.EXE
|
