Aliases: IRC-Sdbot, Backdoor.IRC.SdBot, BKDR_SDBOT.B, Troj/Sdbot-B, Win32.SdBot.14176
Variants: N/A

Classification: Malware
Category: Trojan Horse

Status: Active & Spreading
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 30 Apr 2002
Damage: Medium

Characteristics: W32.DpBot.Trojan, known to many as SDBot, is an IRC (Internet Relay Chat) “bot”. It is a program that usually spreads from several chat sites. DpBot is malicious software with backdoor capabilities. It steals private or confidential files or data from the compromised computer. It can also be destructive, since it is able to download further malware onto a compromised computer, which can do additional damage to the system.

More details about W32.DpBot.Trojan

SDBot also changes registry values to reduce system security. The effects include allowing remote user connections, logging keystrokes, connecting automatically to the Internet, and concealing itself from the user while staying resident in the background. Surveys have also found that all Windows operating systems can be affected by this virus. It controls the compromised computer through Internet Relay Chat, either remotely or locally. The IRC servers most often associated with the spread of this Trojan are bmu.h4x0rs.org, bmu.q8hell.org and bmu.FL0W1NG.NET. The Trojan can update itself by checking for newer versions on the Internet in order to gain full control of the compromised computer. Once executed, like many other viruses, it continuously copies itself to the compromised computer’s system files.

Some known filenames of W32.DpBot.Trojan are Aim95.exe, CMagesta.exe, Cmd32.exe, Cnfgldr.exe, Explorer.exe, FB_PNU.EXE, IEXPL0RE.EXE, MSTasks.exe, MSsrvs32.exe, Mssql.exe, Regrun.exe, Svchosts.exe, Sys32.exe, Sys3f2.exe, Syscfg32.exe, Sysmon16.exe, YahooMsgr.exe, cthelp.exe, iexplore.exe, ipcl32.exe, quicktimeprom.exe, service.exe, sock32.exe, spooler.exe, svhost.exe, syswin32.exe, vcvw.exe, winupdate32.exe and xmconfig.exe.

The W32.DpBot.Trojan program normally installs itself on the system without the user noticing, and it comes with hidden functionality that can include other malware and install other possible threats. It is normally dropped by adware from unsolicited sites. According to reports, this Trojan uses a random TCP port and habitually operates as an alternative server. Its normal function is to collect a request from the victim and distribute the data to the original target. When the Trojan collects an incoming data request, the request is automatically sent to the target server or to another third-party server.
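
The filenames and IRC servers listed above can be used as triage indicators. The Python code below is an added example, not part of the original entry: it checks file paths and DNS lookups against those lists and treats names shared with genuine Windows binaries (Explorer.exe, iexplore.exe) as suspicious only outside their default directories. The function names, the event format, the default-directory table and the sample events are assumptions made for the example.

```python
import ntpath
# Filenames this entry lists for W32.DpBot.Trojan, compared case-insensitively.
SDBOT_NAMES = {n.lower() for n in """
Aim95.exe CMagesta.exe Cmd32.exe Cnfgldr.exe Explorer.exe FB_PNU.EXE IEXPL0RE.EXE
MSTasks.exe MSsrvs32.exe Mssql.exe Regrun.exe Svchosts.exe Sys32.exe Sys3f2.exe
Syscfg32.exe Sysmon16.exe YahooMsgr.exe cthelp.exe iexplore.exe ipcl32.exe
quicktimeprom.exe service.exe sock32.exe spooler.exe svhost.exe syswin32.exe
vcvw.exe winupdate32.exe xmconfig.exe""".split()}

# IRC servers this entry names.
SDBOT_IRC = {"bmu.h4x0rs.org", "bmu.q8hell.org", "bmu.fl0w1ng.net"}

# Assumption (not from the entry): default directories of the genuine Windows
# binaries whose names also appear in the list above.
LEGIT_DIRS = {
    "explorer.exe": {r"c:\windows"},
    "iexplore.exe": {r"c:\program files\internet explorer",
                     r"c:\program files (x86)\internet explorer"},
}

def classify_path(path):
    """Return 'listed-name', 'wrong-directory', or None for a Windows path."""
    directory, name = ntpath.split(path.strip().lower())
    if name not in SDBOT_NAMES:
        return None
    if name in LEGIT_DIRS:  # name is shared with a real Windows binary
        return None if directory.rstrip("\\") in LEGIT_DIRS[name] else "wrong-directory"
    return "listed-name"

def is_sdbot_irc(host):
    # Normalise case and a trailing root dot before comparing.
    return host.strip().rstrip(".").lower() in SDBOT_IRC

def triage(events):
    """Turn (kind, value) events into (finding, value) leads for review."""
    findings = []
    for kind, value in events:
        if kind == "file" and (verdict := classify_path(value)):
            findings.append((verdict, value))
        elif kind == "dns" and is_sdbot_irc(value):
            findings.append(("irc-server", value))
    return findings

SAMPLE_EVENTS = [  # constructed sample events, not taken from a real host
    ("file", r"C:\Windows\explorer.exe"),
    ("file", r"C:\Windows\System32\Explorer.exe"),
    ("file", r"C:\WINDOWS\system32\iexpl0re.exe"),
    ("file", r"C:\Windows\System32\svchost.exe"),
    ("dns", "BMU.Q8hell.org."),
]
```

A name match is a lead for review rather than a verdict; confirm it with a hash or signature check. Note that the genuine svchost.exe is not flagged, while the listed look-alikes Svchosts.exe and svhost.exe are.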