Sdbot.FEX is a worm that acts as a backdoor: it connects to several IRC servers in order to receive remote control commands. It can be instructed to download and run files, obtain Protected Storage service keys (including Outlook or Internet Explorer passwords, among others), start or stop Windows services, install a proxy server, etc.
Sdbot.FEX installs the hacking tool detected as Rootkit.AJ, which is used to end and list processes, as well as to hide its own process.
Additionally, Sdbot.FEX installs its own FTP (File Transfer Protocol) and TFTP (Trivial File Transfer Protocol) servers on the affected computer in order to spread to other systems.
Sdbot.FEX exploits the LSASS, RPC DCOM, Workstation Service, Plug and Play and SQL Server Resolution Service vulnerabilities to spread across the Internet.
It is highly recommended to download the security patches for the LSASS, RPC DCOM, Workstation Service, Plug and Play and SQL Server Resolution Service vulnerabilities from the Microsoft website.