PC Security Shield Virus Alert: Backdoor.Win32.SdBot.145408

  • Also Known As: WORM_SDBOT.UK [Trend], Backdoor.Win32.SdBot.ry [Kaspersky], Win32/IRCBot.worm.145408.D [AhnLab]
  • Type: Backdoor
  • Systems Affected: Win32
  • Resident in System Memory: No
  • Origin: others
  • Encryption: No
  • Discovered on: 09/14/2006
  • How it spread: Network, Security vulnerabilities
  • Infection symptoms: Changes registry, Information leak, Accessing certain IRC server, Opens the specific port, Creates file
  • Specific date of infections: None
  • Destructivity / Distribution Potential: ** / ***
  • ViRobot version able to detect/repair: Able to detect/repair [ViRobot version: 09/13/2006]

    Technical Description

    Summary

    It spreads through Windows security vulnerabilities, password vulnerabilities, and a backdoor port opened by another backdoor.

    When the backdoor is executed, it copies itself as "spoolsvc.exe" into the Windows system folder, executes that copy, and then opens 2 random TCP ports. It connects to a specified IRC channel on remote port 6667.

    The spreading method:

    The backdoor is downloaded and installed on the relevant system if the following vulnerability is found after IP scanning.

    The infected system opens 2 random TCP ports and connects to the specified IRC channel on remote port 6667, so system information is exposed or another system is infected.
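
A triage sketch for the behaviour described above, added here as an example and not part of the original alert or any vendor tool: it cross-references `tasklist /fo csv /nh` and `netstat -ano` output to flag a process named spoolsvc.exe or holding a session to remote port 6667, and lists the TCP ports that process listens on. The host data, PIDs and addresses are constructed samples.

```python
import csv
import re

DROPPED_NAME = "spoolsvc.exe"  # name the description says the backdoor copies itself as
IRC_PORT = 6667                # remote port from the description

# Constructed sample output (not from a real host). spoolsv.exe is the genuine
# Windows print spooler and is included to show it is not flagged.
SAMPLE_TASKLIST = """\
"spoolsv.exe","1188","Services","0","5,120 K"
"spoolsvc.exe","2404","Console","0","3,876 K"
"explorer.exe","1520","Console","0","18,204 K"
"""
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING       892
  TCP    0.0.0.0:3217       0.0.0.0:0          LISTENING       2404
  TCP    0.0.0.0:4461       0.0.0.0:0          LISTENING       2404
  TCP    192.0.2.10:1049    198.51.100.7:6667  ESTABLISHED     2404
  TCP    192.0.2.10:1051    203.0.113.5:80     ESTABLISHED     1520
"""
NETSTAT_ROW = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+:(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse_tasklist(text):
    """Return {pid: lower-cased image name} from CSV tasklist output."""
    return {int(row[1]): row[0].lower()
            for row in csv.reader(text.splitlines())
            if len(row) >= 2 and row[1].isdigit()}

def triage(tasklist_text, netstat_text):
    """Return {pid: finding} for processes matching the described behaviour."""
    names = parse_tasklist(tasklist_text)
    seen = {pid: {"image": name, "listening": [], "irc": False}
            for pid, name in names.items()}
    for line in netstat_text.splitlines():
        m = NETSTAT_ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        local_port, remote_port, state, pid = int(m[1]), int(m[2]), m[3], int(m[4])
        f = seen.setdefault(pid, {"image": "unknown", "listening": [], "irc": False})
        if state == "LISTENING":
            f["listening"].append(local_port)
        elif state == "ESTABLISHED" and remote_port == IRC_PORT:
            f["irc"] = True
    # Flag on the dropped file name or on an IRC session; a name match alone
    # still needs the file's location confirmed, since a name is easy to change.
    return {pid: f for pid, f in seen.items()
            if f["image"] == DROPPED_NAME or f["irc"]}
```

Calling `triage(SAMPLE_TASKLIST, SAMPLE_NETSTAT)` returns a single finding for PID 2404; the listening ports it reports are the ones to check against the "2 random TCP ports" in the description.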



    How to repair:       [Repair by using The Shield AntiVirus 2007]


