The Web    Google
9/21: Sdbot-PK Worm Scans for Vulnerabilties

9/21: Sdbot-PK Worm Scans for Vulnerabilties
September 21, 2004

W32/Sdbot-PK is a member of the W32/Sdbot family of internet worms that spread by scanning for and exploiting known vulnerabilities and weakly protected accounts.

The worm connects to a remote IRC server and enables a malicious user to remotely control an infected machine.

W32/Sdbot-PK drops Troj/NtRootK-F as the file msdirectx.sys, which it employs to hide its process.

More information is at Sophos page.

  • Virus Alert: Worm Spreads Via Hidden System Shares
  • 5/2: LegMir-DR a Password-Stealing Trojan
  • 10/12: Forbot-AZ Worm Has Backdoor
  • 1/31: Unfunner-A Worm Moves Via MSN Messenger
  • Corporate Data Leaks Spur Interest in Storage Security
  • 8/2: MyDoom-P Sends Spoofed Emails
  • 'Critical' Windows Hijack Flaw Reported
  • 1/3: Sdbot-SW Worm Hits Remote Shares
  • 4/13: Spybot-NLX Worm Has DDoS Abilities
  • 3/29: Krynos-B Worm Drops Copy of Itself
  • Trolling For Anti-Phishing Laws
  • Computer security background information