Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us






    msn_worm.jpg
    A new variant of WORM_SDBOT has just turned up. This variant, detected by Trend as WORM_SDBOT.EXT, has been observed to spread copies of itself via MSN’s instant messaging application.
    As with any IM-borne malware, the worm sends an interesting message to an unsuspecting recipient to trick him/her into downloading it into the system. A copy of the worm is sent directly with the message itself, as a zip file. This technique is quite different from other worms like WORM_SOHANAD, which include a URL link in the message from where the actual malware can be downloaded.

    Once it has been successfully downloaded and executed, the worm is known to compromise security. Acting much like a backdoor, it connects to the IRC server vpn.basecore.info and joins the IRC channel VPN. Remote malicious users with access to WORM_SDBOT.EXT can issue various commands that would allow them to download files, terminate processes running on the system and create/open/execute/delete files.

    Credits go to Jonell Baltazar of TMIRT for analysis and to Lalaine Gregorio of Content Security for the screenshot.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice