The Web    Google
1/28: Sdbot.Worm!166912 Spreading

1/28: Sdbot.Worm!166912 Spreading
January 28, 2005

W32/Sdbot.worm!166912 is a variant of W32/Sdbot.worm, and bears strong resemblance to the many other members of this rapidly growing family. It bears the following characteristics:

  • propagates to machines vulnerable to the following exploits:
  • DCcomRPC
  • propagates to machines with poorly secured network shares (weak username/password combinations)
  • propagates to MySQL and Microsoft SQL servers that are poorly secured (again weak username/password combinations)
  • propagates to remote machines (it generates random IPs) by attempting to copy itself to a number of shares
  • provides a backdoor to the victim machine, thereby compromising data on that machine (significant remote access functionality is availble to the hacker)

    More information can be found at McAfee page.

  • Do-Not-Spam List Great For Spammers
  • 2/24: Agobot-QE a Backdoor Trojan & Worm
  • 3/8: Kelvir-D an IM Worm
  • Mass-Mailing Worm Copies Itself to Windows Folder
  • Meta Group Slams Wireless LAN Suppliers on Security
  • 1/13: Expl_Iconex-A an Animated Cursor File
  • 6/9: Downloader.GK a 'High Threat'
  • Viruses Gearing up For The Smart Set
  • 6/8: Trojan.Dingsta.A Logs Keystrokes
  • 4/20: Mytob-CC Worm Modifies Registry
  • Securing your Storage Assets
  • Security Camera Price