Aliases: Backdoor.SdBot.gen (AVP), Backdoor/IRC.SdBot (RAV), Mindjail, W32.HLLW.Cult.C@mm (Symantec)
Spreads by email and IRC.
The email sent by the worm looks like this:
Subject: Hi, I sent you an eCard from BlueMountain.com
Body: To view your eCard, open the attachment If you have any comments or questions, please visit http://www.bluemountain.com/customer/index.pd Thanks for using BlueMountain.com.
The Trojan connects to the IRC port to receive instructions for Denial of Service attacks or for downloading and executing programs.
When the attachment is opened, the local system is infected.
The worm copies itself to the Windows System directory (%SysDir%) as iexplorer.exe and creates the following registry autostart entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "sysconfig" = iexplorer.exe
Description inserted by Crony Walker on Tuesday, June 15, 2004
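
A triage check for the autostart entry described above, as an added example that is not part of the original description or any Avira tool. It assumes the input is the saved text output of `reg query` for the Run key; the function names and the sample output are constructed for illustration.

```python
import re

# Indicators stated in the description above.
RUN_VALUE_NAME = "sysconfig"
DROPPED_FILE = "iexplorer.exe"  # extra "r": Internet Explorer itself is iexplore.exe

# One value line of `reg query` output: 4 spaces, name, type, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# First path component that ends in .exe, ignoring quotes and arguments.
EXE_NAME = re.compile(r'([^\\/"]+\.exe)', re.IGNORECASE)


def find_indicators(reg_output):
    """Return Run-key values matching the worm's autostart indicators."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line.rstrip())
        if not m:
            continue  # key header or blank line
        name, data = m.group("name"), m.group("data")
        exe = EXE_NAME.search(data)
        reasons = []
        if name.lower() == RUN_VALUE_NAME:
            reasons.append("run value name")
        if exe and exe.group(1).lower() == DROPPED_FILE:
            reasons.append("dropped file name")
        if reasons:
            hits.append({"name": name, "data": data, "reasons": reasons})
    return hits


# Constructed sample output, not captured from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Browser    REG_SZ    "C:\Program Files\Internet Explorer\iexplore.exe" -startup
    sysconfig    REG_SZ    iexplorer.exe
"""

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE):
        print(hit["name"], "->", hit["data"], hit["reasons"])
```

The legitimate `iexplore.exe` entry in the sample is not flagged; only the value name and the misspelled file name from the description match.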