1. /
  2. Security Response/
  3. W32.Spybot.ACYR

W32.Spybot.ACYR

Risk Level 2: Low

Discovered:
November 27, 2006
Updated:
February 13, 2007 1:02:30 PM
Also Known As:
Backdoor.Win32.SdBot.azz [Kasp, W32/Sdbot.worm!811a7027 [McAfe, WORM_SPYBOT.ZL [Trend Micro]
Type:
Worm
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


W32.Spybot.ACYR is a worm that spreads through mIRC and to network shares protected by weak passwords. It also spreads by exploiting some vulnerabilities.

Notes:
  • Recent variants of the Spybot worm family exploit several known vulnerabilities, including a SAV 10/SCS 3 vulnerability (SYM06-010), reported in May 2006. A patch for this vulnerability was made available at that time. Symantec highly recommends that users of the affected products patch their systems as soon as they are able to help avoid the spread of this particular Sybot worm family. If systems are infected with any Spybot variant and this security patch has not been applied please read the document, Attempting to migrate from 10.x to a newer version fails after becoming infected with a worm which exploits SYM06-010.
  • IPS signatures against all known and unknown exploits of SYM06-010 were released on May 26, 2006.
  • Excessive network traffic caused by an infection may result in a significant degradation of network performance.


Antivirus Protection Dates

  • Initial Rapid Release version November 28, 2006
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version November 28, 2006
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date November 29, 2006
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: High
Writeup By: Yana Liu

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver