Mntsnow
02-04-2004, 7:14 AM
Security vendors Monday issued alerts for different variants of W32/SdBot, a worm that attempts to spread to remote shares which have weak passwords. According to Sophos, W32/SdBot-W also allows unauthorized remote access to the computer via IRC channels.
W32/SdBot-W copies itself to the Windows system folder as ADVAP.EXE and creates entries in the registry in the following locations to run itself on system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
Read more (http://www.enterpriseitplanet.com/security/news/article.php/3307851)
W32/SdBot-W copies itself to the Windows system folder as ADVAP.EXE and creates entries in the registry in the following locations to run itself on system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
Read more (http://www.enterpriseitplanet.com/security/news/article.php/3307851)