Well, I'm finally getting a widespread infection of SDBot under control here at work. Spreading via various DCOM and RPC exploits, SDBot caught us completely off guard, as we were used to email viruses instead (we still get ILOVEYOU.vbs opened every now and then).
Partly, it was our fault for not keeping our Win2K/XP machines up to date. We figured they are all behind the firewall, so nothing on ports 445, 5000, or whatever it uses can get in. This overlooked the fact that someone might (against company policy) bring in a home PC and plug it into the network (which is probably how this got in).
To clean each system takes about 2 hours, which consists of installing SP2 (SP4 + an RPC patch on Win2K), resetting all Internet Explorer settings, and running SpyBot and AdAware on the system (because this variant drops about 6 different spyware programs). It is a royal pain in the ass. The person who wrote such a beast must be subjected to horrendous pain and torture by my hand.