Threat Information for "BackDoor.IRC.Sdbot.151"
| Summary | Top |
- Name: BackDoor.IRC.Sdbot.151
- Aliases:Worm/IRCBot.FV, W32/Sdbot.LZC, Win32:Ircbot-BD, BackDoor.Generic.QOZ, Backdoor.IRCBot.FV, Trojan.IRCBot-241
- Date Discovered: 2006-08-18
- Protection Added: 2006-08-24
| Description | Top |
-- Ease of Removal 1: Creates new registry entries randomly from a hard-coded list 2: Creates new registry entries randomly named from a hard-coded list 3: Uses running processes 4: Consistent file contents 5: Creates new registry entries with consistent data -- Privacy Risks/Security Changes 1: Harvests nonspecific personal data 2: Downloads other threats 3: Transmits personal data to remote computers 4: Opens backdoors [VIRUS ONLY] -- Damage/Intrusion/Annoyance 1: Autoruns at startup without an option to be disabled -- Propagation/Saturation 1: Infects with other exploitation method 2: Creates new files 3: Mimics legitimate file names
| Technical Details | Top |
- Added Directory/File:
FilePath: %SYSTEMDIR%\*.* MD5: 33c887fbcd45fe82a0c8acf6a619b9a1 - Added Registry Data:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: isass - Added Registry Data:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: system32\iexplore - Added Registry Data:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: spoolsvc - Added Registry Data:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: spooisv - Added Registry Data:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: system\iexplore - Added Registry Data:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: winiogon
