IMPORTANT: Panda Software reports the new Sdbot.N Trojan

Posted in GD as a public service.

The poster is not an employee of, or in any way associated with Panda Software.
---

Panda Software reports the new Sdbot.N Trojan

Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, October 21, 2003 - PandaLabs has detected the appearance of Sdbot.N (Bck/Sdbot.N) a new and potentially dangerous Trojan. This malicious code could allow hackers to take a series of damaging actions on affected computers.

To make matters worse, the creators of Sdbot.N have mass-mailed the Trojan in a message with the subject field: Microsoft Security Update and an attached file called MS03-047.EXE. The message text tries to convince the recipient that the e-mail has been sent by Microsoft, and this has no doubt been the reason why Panda Software's support staff have already received reported incidents involving Sdbot.N.

As soon as Sdbot.N is run, this Trojan displays the message "Update complete", and goes memory resident.

It also creates a series of Windows Registry entries to ensure it is constantly present on the computer and it copies its code in a file called autoupdate.exe in the Windows system directory.

Sdbot.N includes its own IRC client, so the Trojan can connect to a pre-defined IRC channel even if the user doesn't have an IRC application installed. This connection could allow a hacker to send instructions to the computer under attack, including orders to scan ports, update the Trojan, or launch denial of service attacks.

To prevent possible incidents involving this Trojan, Panda Software advises users to treat e-mails received with caution, and to update their antivirus solutions as soon as possible. The company has already made the updates to its products available to users to ensure their solutions can detect and eliminate Sdbot.N. Those whose software is not configured to update automatically, should update their solutions from http://www.pandasoftware.com.

Users can also scan their computers using the free, online antivirus, Panda ActiveScan, which is available on the company's website at http://www.pandasoftware.com.

For further information about these and other malicious code, visit Panda Software's Virus Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/.

Additional information

- Resident / Resident virus: A program or file is referred to as resident when it is stored in the computer's memory, continuously monitoring operations carried out on the system.

- DoS / Denial of Service: This is a type of attack, sometimes caused by viruses, that prevents users from accessing certain services ( in the operating system, web servers etc.).

'cause it IS important.

:kick: