We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Backdoor:Win32/Sdbot
Detected by Microsoft Defender Antivirus
Aliases: Backdoor.Sdbot (Symantec) W32/Sdbot.worm (McAfee) WORM_SDBOT (Trend Micro) Win32/SDBot (CA) SdBot (F-secure)
Summary
Win32/Sdbot is a family of backdoor Trojans that allows attackers to control infected computers. After a computer is infected, the Trojan connects to an internet relay chat (IRC) server and joins a channel to receive commands from attackers. These commands can instruct the Trojan to spread to other computers and can allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.