Bugtraq mailing list archives

rpc sdbot


From: Daniel Otis-Vigil <dvigil () moosoft com>
Date: Wed, 13 Aug 2003 11:04:25 -0600

This sdbot variant has been spreading around Undernet and is a combination of the msblast worm, sdbot and spybot. It installs as a service and triggers WFP, which I think was a mistake. Termination of the process causes an immediate reboot.

Samples are available here: http://www.moosoft.com/thecleaner/rcpsdbot.zip
password is: infected

Daniel Otis-Vigil
MooSoft Development LLC
http://www.moosoft.com/thecleaner

