SDBOT worms are known to drop a copy of themselves in the Windows system folder and to modify the registry to enable the worm to execute at every Windows startup.
The worm propagates via network shares. Some of the SDBOT worms create a helper batch file to do this, while others do it directly by creating a CMD.EXE shell process.
Some variants of this malware have backdoor capabilities which allow a malicious user to do the following actions:
Terminate a process
Flood a target host
Connect to a particular IRC server
Download a file from the Internet
Visit a particular URL
Uninstall the malware
Retrieve system information such as CPU speed and memory size
Download an updated copy of itself
Execute a denial of service (DoS) attack
It usually runs on Windows NT, 2000, and XP.
VirusTotal says that BitDefender, Kaspersky and Nod32 are the only ones that actually caught it, even though they don't even know what the hell it is exactly. Their definitions didn't catch it, heuristics did. Every other AV said it was A-OK.

pimpyobitch said:
I don't mind those, because virus software picks it up fast.
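As an added example (not part of this thread or of any vendor's write-up), here is a Python check for the persistence pattern the SDBOT summary above describes: a Run-key entry that was not in a known-good baseline export and whose target executable sits in the Windows system folder. The two .reg exports, the value names and the file name sample_worm.exe are constructed sample data.

```python
"""Flag SDBOT-style persistence by diffing Run-key exports against a baseline.

Works on text from `reg export`, so it runs offline on any platform. The
registry text below is constructed sample data, not a capture of real malware.
"""
import re

# Constructed: Run key exported from a known-clean machine.
BASELINE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
'''

# Constructed: same key exported later; one new value points into system32.
CURRENT_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"Configuration Loader"="C:\\WINDOWS\\system32\\sample_worm.exe"
'''

# Windows system folders on NT/2000 (WINNT) and XP (WINDOWS).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system\\",
               "c:\\winnt\\system32\\", "c:\\winnt\\system\\")

VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_run_values(reg_text):
    """Return {value_name: image_path} from a .reg export of a Run key."""
    values = {}
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue  # header, key path or blank line
        name, data = m.group(1), m.group(2).replace("\\\\", "\\")
        # Keep only the executable path; drop quotes and trailing arguments.
        exe = re.match(r'^"?([^"]*?\.exe)', data, re.IGNORECASE)
        values[name] = exe.group(1) if exe else data
    return values


def new_system_folder_entries(baseline_text, current_text):
    """Entries added or changed since the baseline whose target is in a system folder."""
    baseline = parse_run_values(baseline_text)
    flagged = []
    for name, path in parse_run_values(current_text).items():
        if baseline.get(name) == path:
            continue  # unchanged since the known-good snapshot
        if path.lower().startswith(SYSTEM_DIRS):
            flagged.append((name, path))
    return flagged
```

Entries that match the baseline exactly are skipped, so legitimate system-folder autostarts such as ctfmon.exe do not produce noise.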