We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Backdoor:Win32/Sdbot.ZC
Detected by Microsoft Defender Antivirus
Aliases: Backdoor.Win32.SdBot.aad (Kaspersky) W32/Imagine-A (Sophos) Win32/Pushbot.I (CA) W32/Checkout!91d0b88a (McAfee) W32.Scrimge.A (Symantec) WORM_SDBOT.EXT (Trend Micro)
Summary
Backdoor:Win32/Sdbot.ZC is a backdoor Trojan that allows an attacker to take control of an infected computer. When a computer is infected, the Trojan connects to an Internet Relay Chat (IRC) server and joins a channel in order to receive commands from the controlling attacker. These commands can instruct the Trojan to perform a number of different actions, including downloading and installing additional components and spreading to other computers via MSN Messenger.
Backdoor:Win32/Sdbot.ZC may download and install additional malicious software, thus manual removal is not recommended. To detect and remove this Trojan and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, visit http://www.microsoft.com/athome/security/downloads/default.mspx
Follow us
