Aliases: W32/Sdbot-DJG
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 11 Dec 2007
Damage: Low

Characteristics: The W32.Sdbot.DJG program is a worm that propagates through file-sharing networks protected by weak passwords.

More details about W32.Sdbot.DJG

The W32.Sdbot.DJG program opens a backdoor and may steal private information from the infected computer. It can also download potentially malicious files and lower the security settings on the infected computer. When the worm runs, it creates the file “%System%\AutoUpdateWin32.exe”. It then creates registry entries so that it runs whenever Windows starts. The worm propagates through file-sharing networks protected by weak passwords. It then opens a backdoor that allows a remote attacker to access the infected computer, and it tries to collect private information from that computer. The W32.Sdbot.DJG program may also inject malicious code into the infected computer.

Normally, worms are made only to spread. However, there are reports that this worm downloads and installs a backdoor Trojan. It does this by downloading a text file that contains a link to a PE file. It then saves that file as “dwn.dat” in the Windows directory and runs it. This behaviour is thought to cause additional trouble for the user. Because backdoor Trojans can open the infected computer to external, remote control over the Local Area Network or the Internet, the computer can then be made to perform actions that the user has not authorized and does not want. Immediate removal is a must.
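
The artifacts named above (the “%System%\AutoUpdateWin32.exe” file, the “dwn.dat” file in the Windows directory, and an autostart registry entry) can be checked on a host with a short triage script. This is an added example, not part of the original write-up. The description does not name the registry keys, so the Run-key locations and the SysWOW64 path below are assumptions based on standard Windows autostart and system locations.

```powershell
# Triage check for the W32.Sdbot.DJG artifacts named in the description above.
# File names come from the description; registry key locations are ASSUMED
# (standard Windows autostart keys), since the description names no key.
$fileIndicators = @(
    (Join-Path ([Environment]::SystemDirectory) 'AutoUpdateWin32.exe'),  # %System%
    (Join-Path $env:SystemRoot 'SysWOW64\AutoUpdateWin32.exe'),          # assumption: 32-bit view on 64-bit Windows
    (Join-Path $env:SystemRoot 'dwn.dat')                                # downloaded PE saved under this name
)
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Bookkeeping properties the registry provider adds to every result
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$findings = @()

foreach ($path in $fileIndicators) {
    # -Force so files marked hidden or system are still returned
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        # Record a hash and timestamp so the sample can be matched and timelined
        $hash = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Type   = 'File'
            Where  = $item.FullName
            Detail = "SHA256=$hash Created=$($item.CreationTimeUtc.ToString('u'))"
        }
    }
}

foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $providerProps) { continue }
        # Flag any autostart value whose command line references the dropped file
        if ("$($p.Value)" -match 'AutoUpdateWin32\.exe') {
            $findings += [pscustomobject]@{ Type = 'Autostart'; Where = "$key\$($p.Name)"; Detail = "$($p.Value)" }
        }
    }
}

if ($findings) { $findings | Format-List } else { 'No W32.Sdbot.DJG indicators from this description were found.' }
```

A clean result only means these specific names are absent; run it from an elevated 64-bit PowerShell session so the real System32 directory and the HKLM keys are read.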