Welcome to the Virus Encyclopedia of Panda Security.
It connects to several IRC servers and waits for remote control commands to carry out on the affected computer. It exploits the vulnerabilities LSASS and RPC DCOM, among others, in order to spread to as many computers as possible.
|First detected on:||Oct. 15, 2005|
|Detection updated on:||Oct. 17, 2005|
|Yes, using TruPrevent Technologies
Sdbot.FJA is a worm that connects to several IRC servers in order to receive remote control commands, acting as a backdoor. It can be instructed to download and run files, obtain Protected Storage service keys, including Outlook or Internet Explorer passwords, among others, start or stop Windows services, list and end processes, etc.
Sdbot.FJA exploits the vulnerabilities LSASS, RPC DCOM, Workstation Service and Plug and Play to spread across the Internet.
It is highly recommendable to download the security patches for the vulnerabilities LSASS, RPC DCOM, Workstation Service and Plug and Play from the Microsoft website.>
Sdbot.FJA is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.