[Dshield] Fw: rpc sdbot

Geoff Shively gshively at pivx.com
Wed Aug 13 17:57:58 GMT 2003

Useful data on the buggar that combines msblast worm, sdbot and spybot.


Geoff Shively, CHO
PivX Solutions, LLC

Are You Secure?

----- Original Message ----- 
From: "Daniel Otis-Vigil" <dvigil at moosoft.com>
To: <bugtraq at securityfocus.org>
Sent: Wednesday, August 13, 2003 10:04 AM
Subject: rpc sdbot

> This sdbot variant has been spreading around Undernet and is a combination
> of the msblast worm, sdbot and spybot.  It installs as a service and
> triggers WFP which I think was a mistake.  Termination of the process
> causes an  immediate reboot.
> Samples are available here: http://www.moosoft.com/thecleaner/rcpsdbot.zip
> password is: infected
> Daniel Otis-Vigil
> MooSoft Development LLC
> http://www.moosoft.com/thecleaner

More information about the list mailing list