In the wild:
Low to medium
- Wednesday, February 17, 2010
Methods of propagation:
• Autorun feature
• Local network
• Bitdefender: Backdoor.SDBot.DGFO
• Eset: Win32/AutoRun.Agent.RF
Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Third party control
• Drops malicious files
• Registry modification
It copies itself to the following locations:
The following files are created:
\auTORUN.inf This is a non-malicious text file with the following content:
%code that runs malware%
It tries to execute the following file:
The following registry keys are added in order to run the processes after reboot:
In order to ensure its propagation, the malware attempts to connect to other machines as described below.
It makes use of the following Exploits:
(Buffer Overrun in RPCSS Service)
(Vulnerability in Server Service)
IP address generation:
It creates random IP addresses while it keeps the first two octets from its own address. Afterwards it tries to establish a connection with the created addresses.
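A defender can look for this addressing pattern in connection logs: one internal host contacting many distinct addresses that share its own first two octets, spread across several third-octet values. The following is an added detection sketch, not part of the original description; the `(source, destination)` record format, the sample flows and both thresholds are assumptions to tune per network.

```python
import ipaddress
from collections import defaultdict


def first_two_octets(addr):
    """Return the first two octets of an IPv4 address as bytes."""
    return ipaddress.IPv4Address(addr).packed[:2]


def find_same_prefix_scanners(flows, min_targets=5, min_third_octets=3):
    """Flag sources that contact many distinct hosts sharing their first two octets.

    flows: iterable of (src_ip, dst_ip) strings (assumed log format).
    Returns {src_ip: number_of_distinct_same_prefix_targets}.
    """
    targets = defaultdict(set)
    for src, dst in flows:
        if src != dst and first_two_octets(src) == first_two_octets(dst):
            targets[src].add(dst)

    flagged = {}
    for src, dsts in targets.items():
        # Random last two octets land in many different third-octet ranges;
        # ordinary traffic mostly stays in the host's own subnet.
        third_octets = {ipaddress.IPv4Address(d).packed[2] for d in dsts}
        if len(dsts) >= min_targets and len(third_octets) >= min_third_octets:
            flagged[src] = len(dsts)
    return flagged


# Constructed sample records, not taken from any real capture.
SAMPLE_FLOWS = [
    ("10.20.5.17", "10.20.44.201"),
    ("10.20.5.17", "10.20.191.8"),
    ("10.20.5.17", "10.20.3.77"),
    ("10.20.5.17", "10.20.250.14"),
    ("10.20.5.17", "10.20.91.130"),
    ("10.20.5.17", "10.20.17.66"),
    ("10.20.5.30", "10.20.5.1"),       # normal: gateway in own subnet
    ("10.20.5.30", "10.20.5.10"),      # normal: file server in own subnet
    ("10.20.5.30", "93.184.216.34"),   # normal: external destination
]

if __name__ == "__main__":
    for host, count in find_same_prefix_scanners(SAMPLE_FLOWS).items():
        print(f"{host} contacted {count} distinct hosts sharing its first two octets")
```
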
To deliver system information and to provide remote control it connects to the following IRC Server:
– It injects itself as a remote thread into a process.
In order to hinder detection and reduce the size of the file, it is packed with a runtime packer.
Description inserted by Petre Galan on Tuesday, August 10, 2010
Description updated by Petre Galan on Thursday, August 12, 2010