Aliases: Backdoor.Win32.SdBot.ta, Win32.HLLW.Emslip, Backdoor:IRC/SdBot
Variants: IRC/BackDoor.SdBot.80.X, W32/Turnet.A.worm, Win32/Emslip.A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia
Removal: Easy
Platform: W32
Discovered: 08 Dec 2003
Damage: Low

Characteristics: W32.SillyP2P is a generic detection that identifies variants of the W32.Silly family of worms that spread through file-sharing applications.

More details about W32.SillyP2P

According to expert users, the W32.SillyP2P worm may also carry its own list of candidate usernames and passwords, which it uses to try to gain access to systems on the network. It first detects the terminals on the local area network (LAN) reachable from the infected machine and starts its basic routines from there. There were speculations that this malware can modify Registry values on machines running Windows operating systems so that it loads during Windows startup. It may also be capable of infecting data packets sent between the host machine and other network terminals.

When the W32.SillyP2P worm is opened, it may create a copy of itself in the "%System%" or "%Windir%" folder. The worm changes a registry key so that it is run each time Windows starts. In many cases, W32.SillyP2P uses one or more of the loading points to make sure that it runs when Windows starts. This worm spreads through file-sharing applications.

The W32.SillyP2P worm can use a disguise to get installed on the compromised machine. Commonly, this kind of malware is bundled with a legitimate application or file and waits until the user triggers it, at which point it is installed on the machine as well. Some malware of this kind also disguises itself as a useful or interesting file, and is installed when that file is opened. These infected files commonly come from peer-to-peer websites. The W32.SillyP2P worm may have also originated from these websites.
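
The startup behaviour described above (a copy dropped in "%System%" or "%Windir%" plus a registry loading point) can be triaged from exported Run-key data. The following is an added example, not part of the original write-up: it parses `reg query` output and flags autorun values whose executable sits directly in those folders and is not on a known-good baseline. The sample output, the value and file names, the `C:\Windows` location and the baseline are all constructed assumptions.

```python
import ntpath
import re

# Constructed sample of `reg query` output for a Run key; names are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    WinSvc32    REG_SZ    C:\WINDOWS\system32\winsvc32.exe
    ShareHelper    REG_EXPAND_SZ    %SystemRoot%\sharehelper.exe -s
"""

WINDIR = r"C:\Windows"                     # assumed Windows install location
WATCHED = {WINDIR.lower(), ntpath.join(WINDIR, "System32").lower()}
BASELINE = {"securityhealthsystray.exe"}   # hypothetical known-good autoruns

VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
ENV_RE = re.compile(r"%(windir|systemroot)%", re.IGNORECASE)

def executable_of(command):
    """Return the normalised executable path from a Run value's command line."""
    # A function replacement avoids backslash-escape handling in re.sub.
    command = ENV_RE.sub(lambda m: WINDIR, command.strip())
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.(?:exe|com|scr|pif|bat))(?:\s|$)", command, re.IGNORECASE)
        path = m.group(1) if m else command.split(" ", 1)[0]
    return ntpath.normpath(path)

def suspicious_autoruns(reg_output):
    """List (value name, path) for autoruns located directly in the watched folders."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        if not m or m.group("type") not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue
        path = executable_of(m.group("data"))
        folder, image = ntpath.split(path.lower())
        if folder in WATCHED and image not in BASELINE:
            hits.append((m.group("name"), path))
    return hits

if __name__ == "__main__":
    for name, path in suspicious_autoruns(SAMPLE):
        print(f"review autorun {name!r}: {path}")
```

A hit is a lead for review rather than a verdict, since legitimate software also registers autoruns from these folders; the baseline should come from a clean reference image.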