The Web    Google
9/21: Sdbot-PK Worm Scans for Vulnerabilties

9/21: Sdbot-PK Worm Scans for Vulnerabilties
September 21, 2004

W32/Sdbot-PK is a member of the W32/Sdbot family of internet worms that spread by scanning for and exploiting known vulnerabilities and weakly protected accounts.

The worm connects to a remote IRC server and enables a malicious user to remotely control an infected machine.

W32/Sdbot-PK drops Troj/NtRootK-F as the file msdirectx.sys, which it employs to hide its process.

More information is at Sophos page.

  • 7/1: PWSteal.Refest Steals Banking Info
  • How hacking has entered the age of mass production.
  • Humans Still Weakest Security Link
  • 11/8: Backdoor.Maxload Attacks Linux, Unix
  • 12/2: QLowZones-4 Trojans Attack IE
  • 12/8: Rbot-RJ Worm Spreads to Shares
  • 4/27: Mytob-CY Worm Arrives as Email Attachment
  • 4/12: Mytob-AR Yet Another Variant
  • Symantec, Nortel Play Team Defense
  • AntiOnline Spotlight: Network Security Made Easy?
  • Securing your Storage Assets
  • Security Camera Companies and products