Sdbot is a worm that gives a remote attacker full access to the victim’s computer. It uses the IRC (Internet Relay Chat) protocol to establish a connection. Sdbot can spread via spam email messages or network shared drives, or be downloaded onto the computer by another program. The backdoor function of this worm gives the attacker full access to your files. It also records vital information from your PC, such as user name and password. Other than that, Sdbot also compromises your online identity and sensitive information. This malicious worm runs in the background and is invisible to users. However, most antivirus programs with an updated database will be able to catch Sdbot before it can further infect the computer. SDBot was originally written in C and released by a Russian programmer known as sd [87]. The standard compact package of …
The only possible malicious activities included in the original package are UDP or ICMP DDoS attacks. Public collaboration and evolution have generated a large number of patches that add specific malicious capabilities such as scanning, DDoS attacks, sniffers, and information harvesting routines. Similar to Agobot, SDBot includes some typical exploits targeting specific vulnerabilities. The most active ones are the brute-force password guessing attacks at ports 139 (NetBIOS sharing service), 445 (Crypt32.dll) and 1433 (MSSQL) [88]. Once the hacker gains complete access to compromised systems, the Remote Access Trojan (RAT) component of SDBot connects to an IRC server and lies silently waiting for instructions from the botmaster. This code structure, a standard core package extended with customized patches, has made SDBot arguably the most active and popular botnet. As of August 2004, SDBot has been reported to have