Today we’ve been getting more and more reports of a particular Backdoor.Win32.SdBot variant spreading.
This SdBot is packed using UPX, Upolyx and Morphine, we detect it using our generic signature as Backdoor.Win32.SdBot.gen.
This is a true hybrid worm as it contains many functions, firstly the IRCBot which can spread over the network, next to this it has got AIM and P2P spreading capabilities.
Embedded in the bot is an IM-Worm.Win32.Kelvir variant and a rootkit to stealth the presence on the system.
This worm has been actively spreading over IRC yesterday and today the target seemed the MSN network, both as a link to a website.
Luckily the offending website has been taken down now, but that hasn’t prevented a major spread. I received quite a lot of reports from the Netherlands.
The danger is not over as this complete package is dificult to get off the system. Kaspersky Anti-Virus users were proactively protected from installation onto the system.