SdBot.msfirewall.A
Category: Trojan
Risk:
Severe Risk
* Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Description: SDBot is the name of a family of remote access tools, also known as backdoors or worms, used by hackers to control a machine without the owner's knowledge. SDBot can copy itself to the Windows System directory or, depending on the variant, other directories within the Windows System directory. It places itself in Windows startup by creating a subkey in one of these registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SDBot connects to an IRC (Internet Relay Chat) server to wait for other commands from the malicious attacker. The attacker can remotely execute commands for many functions including cloning and updating SDbot itself, deleting and/or downloading files, capturing the screen and/or keystrokes, logging and transmitting machine and user information, sending UDP and ICMP packets to remote computers. SDBot can also turn off the victim machine's anti-virus software.
Alias: None
Signatures:
process: msfierwall.exe: MD5 Hash: 1f2fd81abf46fec632a..
Copyright @2006 THR Computer Solutions: SdBot.msfirewall.A