Visualizza versione completa : WORM_SDBOT.AZ - Rischio 4 - Update

07-12-2003, 16.29.08
This worm drops a copy of itself using the file name, WUPDATED.EXE, in the Windows system folder. It then modifies the Windows registry so that it is executed at every system startup.
It spreads through the network by dropping copies of itself in shared drives with read/write access. It either establishes a connection to the IPC$ share, or it uses its own list of user names and passwords to log on to the system. It also propagates via the Internet, specifically through chat programs, by sending a copy of itself to all contacts found.
This malware also carries a backdoor routine. It has a built in IRC (Internet Relay Chat) client engine, which enables it to connect to an IRC channel and await commands from a remote user.
It runs on Windows NT, 2000 and XP.


Aggiornamento AntiVirus al 07.12.03 ;)(Y)