Incidents

Hybrid IM malware making rounds

Today we’ve been getting more and more reports of a particular Backdoor.Win32.SdBot variant spreading.

This SdBot is packed using UPX, Upolyx and Morphine, we detect it using our generic signature as Backdoor.Win32.SdBot.gen.

This is a true hybrid worm as it contains many functions, firstly the IRCBot which can spread over the network, next to this it has got AIM and P2P spreading capabilities.
Embedded in the bot is an IM-Worm.Win32.Kelvir variant and a rootkit to stealth the presence on the system.

This worm has been actively spreading over IRC yesterday and today the target seemed the MSN network, both as a link to a website.
Luckily the offending website has been taken down now, but that hasn’t prevented a major spread. I received quite a lot of reports from the Netherlands.

The danger is not over as this complete package is dificult to get off the system. Kaspersky Anti-Virus users were proactively protected from installation onto the system.

Hybrid IM malware making rounds

Your email address will not be published. Required fields are marked *

 

Reports

How to catch a wild triangle

How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules.

Subscribe to our weekly e-mails

The hottest research right in your inbox