In the wild:
Low to medium
Low to medium
- Tuesday, October 12, 2010
Method of propagation:
• Autorun feature
Aliases:
• Symantec: Backdoor.Sdbot
• Kaspersky: Trojan.Win32.Jorik.SdBot.fb
• TrendMicro: TROJ_JORIK.CIB
• Sophos: W32/SdBot-DPL
• Panda: Bck/Ircbot.CZZ
Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Windows Vista
• Windows 7
• Drops files
• Lowers security settings
• Registry modification
It copies itself to the following location:
One of the following values is added in order to run the process after reboot:
• "Ci Servs"="oldbin.exe"
In order to infect other systems in the Peer to Peer network community the following action is performed:
It searches for directories that contain the following substring:
Furthermore it has the ability to perform actions such as:
• Connect to IRC server
• Join IRC channel
• Leave IRC channel
In order to check for its internet connection the following DNS server is contacted:
It checks for running programs that contain one of the following strings:
The malware program was written in MS Visual C++.
In order to complicate detection and reduce the size of the file, it is packed with a runtime packer.
Description inserted by Andrei Ilie on Tuesday, March 22, 2011
Description updated by Andrei Ilie on Wednesday, March 23, 2011