Active Scan. Scan your PC free
Download Cloud Antivirus Gratis

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:Sdbot.FAR
Technical name:W32/Sdbot.FAR.worm
Threat level:Low

It joins an IRC channel in order to receive control commands, such as launching denial of service attacks against websites. It reaches the computer downloaded by the worm Mops.A.

Affected platforms:

Windows XP/2000/NT/ME/98/95

First detected on:Sept. 14, 2005
Detection updated on:Sept. 14, 2005
Proactive protection:
Yes, using TruPrevent Technologies

Brief Description 


Sdbot.FAR is a worm with backdoor characteristics that belongs to the Sdbot worm family. This family has the following common characteristics:

  • It allows hackers to gain remote access to the affected computer in order to carry out actions that compromise user confidentiality and impede the tasks performed.
  • It uses its own IRC client in order to join an IRC channel and accept remote control commands, such as launching denial of service (DoS) attacks against websites. It can also download and run files on the affected computer.

Sdbot.FAR reaches the computer downloaded by other worm detected as Mops.A.

However, worms belonging to the Sdbot family usually employ any of the following means of transmission, among others:

  • Computer networks: the worm checks if the affected computer belongs to a network. If so, it attempts to access network shared resources, using passwords that are typical or easy to guess. Then, it makes a copy of itself to those shared resources.
  • Internet: the worm attacks IP addresses, in which it attempts to exploit several known vulnerabilities, such as LSASS, RPC DCOM, etc.

Visible Symptoms 


Sdbot.FAR is difficult to recognize, as it does not display any messages or warnings that indicate it has reached a computer.