Tuesday, December 06, 2005

November 19th, 2005 at 4:54 am
This new article is from:
www dot xatrix dot org/article.php?s=4166

W32/Sdbot-ADD is a worm with a troubling and innovative twist – it installs a root-kit backdoor on any machine it manages to infect.

The attack starts with an AOL IM user being asked to open a link. Clicking on this starts the infection sequence, dropping a number of adware files and the rootkit software itself, lockx.exe.


Once on the PC, the malware attempts to shut down anti-virus software, install software that allows the PC to be remotely controlled by IRC, and open a backdoor for future attack. It also contains an SMTP engine with which to collect email addresses.

According to Chris Boyd of Facetime, the researcher who first discovered the malware, it has strange properties that mark it out. Several of the adware components it installs have been seen before, but what was innovative was the mixture of many different components, the installation of such a potentially dangerous executable, and the fact it attacks via the generally unprotected channel of instant messaging.

    5 comments:

    Anonymous said...

    If you take remote control of the system, can it be cleared out, or is there too much low-level work that needs to be done that will disconnect a remote tech support person?

    2cents said...

    In some cases you can. It depends on the tools you use to clean.

    Anonymous said...

    You'll have a couple of reboots required at least. The on-demand remote desktop control software needs to be able to reconnect or have an end-user standing by to reconnect you to the remote computer system. For remote computer support on the web try an online remote support software solution.

    Anonymous said...

    Great system. My friend tried it out and thought it worked great. He bought a support account for their service.