1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP SDBot Activity

HTTP SDBot Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to download Backdoor.Sdbot which may give an attack remote access to the compromised computer.

Additional Information

Backdoor.Sdbot.AN is a worm with back door capabilities that gives an attacker remote access to the compromised computer via IRC channels.

Affected

  • Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Response

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected asBackdoor.Sdbot
4. Delete the value that was added to the registry.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube