We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Backdoor:Win32/Rbot.BM
Detected by Microsoft Defender Antivirus
Aliases: Win32/Rbot.DYW (CA) Backdoor.Win32.Rbot.gen (Kaspersky) W32/Spybot.AWAC (Norman) W32/Rbot-RS (Sophos) Rbot (Sunbelt Software) W32.Spybot.Worm (Symantec) WORM_RBOT.GEN (Trend Micro)
Summary
Backdoor:Win32/Rbot.BM is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.
Backdoor:Win32/Rbot.BM may download and install additional malicious software, thus manual removal is not recommended. To detect and remove this Trojan and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, visit http://www.microsoft.com/athome/security/downloads/default.mspx
Follow us
