[Dshield] Fw: rpc sdbot
gshively at pivx.com
Wed Aug 13 17:57:58 GMT 2003
Useful data on the buggar that combines msblast worm, sdbot and spybot.
Geoff Shively, CHO
PivX Solutions, LLC
Are You Secure?
----- Original Message -----
From: "Daniel Otis-Vigil" <dvigil at moosoft.com>
To: <bugtraq at securityfocus.org>
Sent: Wednesday, August 13, 2003 10:04 AM
Subject: rpc sdbot
> This sdbot variant has been spreading around Undernet and is a combination
> of the msblast worm, sdbot and spybot. It installs as a service and
> triggers WFP which I think was a mistake. Termination of the process
> causes an immediate reboot.
> Samples are available here: http://www.moosoft.com/thecleaner/rcpsdbot.zip
> password is: infected
> Daniel Otis-Vigil
> MooSoft Development LLC
More information about the list