Welcome to the Virus Encyclopedia of Panda Security.
Alias: W32/Randex.A, IRC-BBot, WORM_RPCSDBOT.A, Win32.RPCSdbot.A, W32/Spybot.worm.Iz, Backdoor.SdBot.au, TrojanDropper.Win32.Small.bd
Effects: It runs programs, deletes and downloads files and launches denial of service attacks.
Detection updated on: Aug. 13, 2003
RPCSdbot is a worm that infects only Windows 2003/XP/2000/NT computers. RPCSdbot exploits the Buffer Overrun in RPC Interface vulnerability to spread to as many computers as possible.
RPCSdbot allows hackers to gain remote access to computers in order to carry out actions that compromise user confidentiality and disrupt the user's work. RPCSdbot installs a backdoor Trojan controlled via IRC, which allows the hacker to run programs, delete files and launch denial of service (DoS) attacks, among other actions.
RPCSdbot spreads by attacking IP addresses, and exploits the vulnerability mentioned above to download a copy of itself to the compromised computer. In order to do this, RPCSdbot incorporates its own TFTP (Trivial File Transfer Protocol) server.
If you have a Windows 2003/XP/2000/NT computer, it is highly recommended to download the security patch from the Microsoft website.
A clear indication that RPCSdbot has reached the computer is an increase in network traffic on TCP ports 113, 135 and 4444 and on UDP port 69.
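The port indicators above can be turned into a simple check over network flow logs. The following is an added example, not Panda Security's detection logic; the log format, the addresses and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Ports the entry lists as signs of infection.
INDICATOR_PORTS = {("tcp", 113), ("tcp", 135), ("tcp", 4444), ("udp", 69)}

# Constructed sample flow records: "time src dst proto dst_port".
SAMPLE_FLOWS = """\
10:00:01 10.0.0.5 10.0.0.20 tcp 135
10:00:01 10.0.0.5 10.0.0.21 tcp 135
10:00:02 10.0.0.5 10.0.0.22 tcp 135
10:00:03 10.0.0.5 10.0.0.22 tcp 4444
10:00:04 10.0.0.22 10.0.0.5 udp 69
10:00:09 10.0.0.7 10.0.0.2 tcp 135
10:00:10 10.0.0.7 192.0.2.10 tcp 443
malformed line
"""

def summarize(flow_text):
    """Per source host: indicator ports contacted and distinct peers per port."""
    peers = defaultdict(lambda: defaultdict(set))
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed records
        _, src, dst, proto, port = parts
        key = (proto.lower(), int(port))
        if key in INDICATOR_PORTS:
            peers[src][key].add(dst)
    return peers

def suspicious_hosts(flow_text, min_ports=2, min_peers=3):
    """Flag a source that touches several indicator ports, or fans out
    to many peers on one of them. Thresholds are assumptions to tune."""
    flagged = {}
    for src, by_port in summarize(flow_text).items():
        fanout = max(len(dsts) for dsts in by_port.values())
        if len(by_port) >= min_ports or fanout >= min_peers:
            flagged[src] = sorted(by_port)
    return flagged

if __name__ == "__main__":
    for host, ports in suspicious_hosts(SAMPLE_FLOWS).items():
        print(host, ports)
```

TCP 135 also carries legitimate Windows RPC traffic, so a single connection on that port (host 10.0.0.7 in the sample) is not flagged; only the combination of indicator ports or a wide fan-out is.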