Bugtraq mailing list archives
rpc sdbot
From: Daniel Otis-Vigil <dvigil () moosoft com>
Date: Wed, 13 Aug 2003 11:04:25 -0600
This sdbot variant has been spreading around Undernet and is a combination of the msblast worm, sdbot and spybot. It installs as a service and triggers WFP which I think was a mistake. Termination of the process causes an immediate reboot.
Samples are available here: http://www.moosoft.com/thecleaner/rcpsdbot.zip password is: infected Daniel Otis-Vigil MooSoft Development LLC http://www.moosoft.com/thecleaner
Current thread:
- rpc sdbot Daniel Otis-Vigil (Aug 13)
- <Possible follow-ups>
- re: rpc sdbot Daniel Otis-Vigil (Aug 13)