Hybrid IM malware making rounds

Today we’ve been getting more and more reports of a particular Backdoor.Win32.SdBot variant spreading.

This SdBot is packed using UPX, Upolyx and Morphine, we detect it using our generic signature as Backdoor.Win32.SdBot.gen.

This is a true hybrid worm as it contains many functions, firstly the IRCBot which can spread over the network, next to this it has got AIM and P2P spreading capabilities.
Embedded in the bot is an IM-Worm.Win32.Kelvir variant and a rootkit to stealth the presence on the system.

This worm has been actively spreading over IRC yesterday and today the target seemed the MSN network, both as a link to a website.
Luckily the offending website has been taken down now, but that hasn’t prevented a major spread. I received quite a lot of reports from the Netherlands.

The danger is not over as this complete package is dificult to get off the system. Kaspersky Anti-Virus users were proactively protected from installation onto the system.

Hybrid IM malware making rounds

Your email address will not be published. Required fields are marked *



APT trends report Q1 2024

The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox