Virus Profile: W32/Sdbot.worm!797C016E
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 11/7/2008
Date Added: 11/7/2008
Origin: Unknown
Length: 48690
Type: Virus
SubType: Worm
DAT Required: 5426
Virus Family Statistics (over the past 30 days)
Virus Name Infected Files Scanned Files % Infected Computers
IRC-Sdbot 1,174 17,851,431 0.01
IRC-Sdbot.dr 3,025 5,202,380 0.00
Virus Characteristics
File Property | Property Value
FileName | fxstal~1.exe
McAfee Detection | W32/Sdbot.worm
Length | 48,690 bytes
CRC | 797C016E
MD5 | 6ABB6C6CFF603DC3AAAF6B2E39D2C3D9
SHA1 | 54C55A36B1CA1F56D87D8C199B1A1D9E522E1D70
Other Common Detection Aliases
Company Name | Detection Name
avast | Win32:Trojan-gen {Other}
AVG (GriSoft) | sheur2.oe
Avira | Worm/IrcBot.48690
BitDefender | Backdoor.RBot.YBJ
Eset | Win32/Injector.EN
Kaspersky | Backdoor.Win32.IRCBot.gln
microsoft | VirTool:Win32/CeeInject.gen!J
Avert® Labs has observed the following system activities:
Activity | Risk Level
Modifies memory of other processes | Critical
Writes executable in the windows folder | Low
Creates registry keys and data values to persist on OS reboot | Informational
Other detections that have been observed:
FileName | McAfee Supported
%WINDIR%\fxstaller.exe | W32/Sdbot.worm
This sample can be identified by the following symptoms.
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files have been added to the system:
%WINDIR%\fxstaller.exe
The applications created the following network connection(s):
172.16.199.200:4244 (irc)
PASS letmein NICK [00|USA|078459]
PASS letmein NICK [00|USA|078459] USER XP-0614 * 0 :VMG-CLIENT
Indications of Infection
The symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.
Method of Infection
Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.
tux- Writer