PC Security Shield Virus Alert: Backdoor.Win32.SdBot.145408

  • Also Known As: WORM_SDBOT.UK [Trend], Backdoor.Win32.SdBot.ry [Kaspersky], Win32/IRCBot.worm.145408.D [AhnLab]
  • Type: Backdoor
  • Systems Affected: Win32
  • Resident in System Memory: No
  • Origin: others
  • Encryption: No
  • How it spread: Network, Security vulnerabilities
  • Infection symptoms: Changes registry, Information leak, Accessing certain IRC server, Opens the specific port, Creates file
  • Specific date of infections: None
  • Destructivity / Distribution Potential: ** / ***

    Technical Description


    It spreads through Windows security vulnerabilities, password vulnerabilities, and the backdoor port opened by another backdoor.

    When the backdoor is executed, it copies itself as "spoolsvc.exe" into the Windows system folder, executes that copy, and then opens two random TCP ports. It connects to a specified IRC channel on remote port 6667.

    The spreading method:

    The backdoor is downloaded and installed on the relevant system if the following vulnerability is found after IP scanning.

    The infected system opens two random TCP ports and connects to a specified IRC channel on remote port 6667, so system information is exposed or another system is infected.
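
    A triage check built from the behaviour described above, added here as an example and not part of the original alert: it reads `netstat -ano` style TCP rows plus a PID-to-image map and flags processes named "spoolsvc.exe" or talking to remote port 6667. The sample rows, addresses, PIDs, image paths and the `triage` function are constructed for illustration; port 6667 is also used by ordinary IRC clients, so that signal alone is weak.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample data (not from the alert): `netstat -ano` style TCP rows
# and a PID -> image path map such as a process listing would provide.
NETSTAT = """\
  TCP    0.0.0.0:135        0.0.0.0:0           LISTENING       884
  TCP    0.0.0.0:2217       0.0.0.0:0           LISTENING       1480
  TCP    0.0.0.0:4093       0.0.0.0:0           LISTENING       1480
  TCP    192.0.2.10:1029    198.51.100.7:6667   ESTABLISHED     1480
  TCP    192.0.2.10:1033    198.51.100.9:6667   ESTABLISHED     2100
  TCP    192.0.2.10:1040    203.0.113.5:80      ESTABLISHED     2244
"""
IMAGES = {
    884: r"C:\WINDOWS\system32\svchost.exe",
    1480: r"C:\WINDOWS\system32\spoolsvc.exe",
    2100: r"C:\Program Files\mIRC\mirc.exe",
    2244: r"C:\Program Files\Internet Explorer\iexplore.exe",
}

ROW = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+:(\d+)\s+(\w+)\s+(\d+)\s*$")
DROPPED_NAME = "spoolsvc.exe"  # name from the alert; the genuine spooler is spoolsv.exe
IRC_PORT = 6667                # remote port named in the alert

def triage(netstat_text, images):
    """Return {pid: [reasons]} for processes matching the described behaviour."""
    listening, irc = defaultdict(set), set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # skip headers, UDP rows and anything unparsable
        local, remote, state, pid = int(m[1]), int(m[2]), m[3], int(m[4])
        if state == "LISTENING":
            listening[pid].add(local)
        elif state == "ESTABLISHED" and remote == IRC_PORT:
            irc.add(pid)
    findings = {}
    for pid, path in images.items():
        reasons = []
        if ntpath.basename(path).lower() == DROPPED_NAME:
            reasons.append("image name spoolsvc.exe")
        if pid in irc:
            reasons.append("outbound TCP to port 6667")
        if pid in irc and len(listening[pid]) >= 2:
            reasons.append("also listening on %d TCP ports" % len(listening[pid]))
        if reasons:
            findings[pid] = reasons
    return findings
```

    On the constructed data, PID 1480 matches all three signals, while the ordinary IRC client (PID 2100) matches only the port signal and should be ranked lower.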

    How to repair: Repair by using The Shield AntiVirus
