1/28: Sdbot.Worm!166912 Spreading

January 28, 2005

W32/Sdbot.worm!166912 is a variant of W32/Sdbot.worm and bears a strong resemblance to the many other members of this rapidly growing family. It has the following characteristics:

  • propagates to machines vulnerable to the following exploits:
      • DCOM RPC
  • propagates to machines with poorly secured network shares (weak username/password combinations)
  • propagates to MySQL and Microsoft SQL servers that are poorly secured (again weak username/password combinations)
  • propagates to remote machines (it generates random IPs) by attempting to copy itself to a number of shares
  • provides a backdoor to the victim machine, thereby compromising data on that machine (significant remote access functionality is available to the hacker)

    More information can be found on the McAfee page.
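
The propagation behaviour listed above leaves a recognisable network pattern: one host contacting many unrelated addresses on RPC, share and SQL ports within a short time. The following Python is an added example, not taken from the advisory or from McAfee, that flags this pattern in flow records. The record format, the 60-second window, the threshold of 20 destinations and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Standard ports for the propagation vectors in the list above.
WORM_PORTS = {135: "DCOM RPC", 139: "NetBIOS share", 445: "SMB share",
              1433: "Microsoft SQL", 3306: "MySQL"}

def build_sample():
    """Constructed flow records: 'epoch_seconds src_ip dst_ip dst_port'."""
    ports = (445, 139, 135, 1433, 3306)
    flows = []
    for i in range(40):  # 10.0.0.23 sweeps 40 unrelated addresses in 40 s
        dst = f"{i * 37 % 223 + 1}.{i * 91 % 256}.{i * 13 % 256}.{i + 1}"
        flows.append(f"{1000 + i} 10.0.0.23 {dst} {ports[i % 5]}")
        # 10.0.0.8 is a workstation that keeps using one file server
        flows.append(f"{1000 + i} 10.0.0.8 10.0.0.5 445")
    flows.append("1010 10.0.0.8 10.0.0.6 3306")
    return flows

def find_scanners(lines, window=60, threshold=20):
    """Map each flagged source to (peak distinct destinations, services)."""
    per_src = defaultdict(list)
    for line in lines:
        parts = line.split()
        try:
            ts, src, dst, port = parts
            ts, port = int(ts), int(port)
            ip_address(src)
            ip_address(dst)
        except ValueError:
            continue  # skip malformed records
        if port in WORM_PORTS:
            per_src[src].append((ts, dst, port))
    hits = {}
    for src, events in per_src.items():
        events.sort()
        start, best, live = 0, 0, defaultdict(int)  # live: dst -> count in window
        for ts, dst, _ in events:
            live[dst] += 1
            while events[start][0] <= ts - window:  # expire old events
                old = events[start][1]
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                start += 1
            best = max(best, len(live))
        if best >= threshold:
            hits[src] = (best, sorted({WORM_PORTS[p] for _, _, p in events}))
    return hits

if __name__ == "__main__":
    print(find_scanners(build_sample()))
```

A host that legitimately talks to many servers (a backup or monitoring system, for example) will also cross the threshold, so known sources of that kind need to be excluded before alerting.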
