|
|
SdBot.pingppac Backdoor Information
| Name: |
SdBot.pingppac |
| Category: |
Backdoor |
| Alias: |
- Alias: G-Spot Bot, Backdoor.G_Spot.10, Backdoor.G_Spot.15, Backdoor.G_Spot.20 |
| Advice: |
Remove |
| Risk: |
Severe Risk
Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine. |
| Description:
|
SDBot is the name of a family of remote access tools, also known as backdoors or worms, used by hackers to control a machine without the owner's knowledge.
SdBot is a server component (bot) that the Trojans creator distributes over IRC channels. This Trojan allows its creator to perform a wide variety of actions on a compromised computer.
SdBot contains its own IRC client, allowing it to connect to an IRC channel that was coded into the Trojan. Using the IRC channel, the Trojan listens for the commands from the Trojans creator. The creator of the Trojan accesses the Trojan by using a password-protected authorization.
The commands allow the Trojans creator to perform any of the following actions:
Manage the Backdoor installation.
Control the IRC client on a compromised computer.
Dynamically update the installed Trojan.
Send the Trojan to other IRC channels to attempt to compromise more computers.
Download and execute files.
Deliver system and network information to the Trojans creator.
Perform Denial of Service (DoS) attacks against a target, which the Trojans creator defines.
Completely uninstall itself by removing the relevant registry entries.
|
| Signatures:
|
process: pingppac.exe: MD5 Hash: 864569954e135ce31b6...
process: pingppac.exe: MD5 Hash: bb95b374c3e66eba91e.. |
| Type: |
Backdoor - A Trojan software is any software on a user's computer that the user is not aware or intentionally installed. Most Trojan software is designed to perform some sort of actions that could jeopardize the user's security or privacy. |
Top Backdoor Visited Pages:
Unicorn - 172 visits
SkatanBot - Alias: Backdoor.VB.kl - 91 visits
Backdoor:Win32/Lamebot.A - 82 visits
Delf.gb - Alias: RVP - 62 visits
BackDoor.Galapop.A - Alias: Trojan.Abwiz.D (Symantec), Galapoper (Mcafee) - 60 visits
Trojan.Backdoor.Darkmoon - Alias: Backdoor:Win32/Darkmoon.AZ - 56 visits
Trojan.Fakespy.A - Alias: Trojan.Zlob.B - 52 visits
Trojan.Backdoor.Codbot.O - Alias: W32/Codbot-O, Backdoor.Win32.Codbot.ah - 51 visits
RBot.sysdat - Alias: Backdoor:Win32/Rbot!E89C - 51 visits
Backdoor.Perl.AEI.16 - 50 visits
Random Backdoor Pages:
Wootbot.snapple - Alias: Backdoor:Win32/Wootbot.AC
RBot.image - Alias: Backdoor:Win32/Rbot
RBot.tskm0nitor - Alias: Backdoor:Win32/Rbot.EZ
Delf.iu
WootBot.mssmmspgr - Alias: Backdoor:Win32/Wootbot
Backdoor.VB.BS - Alias: BackDoor-AFS, BackDoor-AFS
Delp.jb
RBot.msuite - Alias: Backdoor:Win32/Rbot.LY
Backdoor.Win32.Nightmare.21
GSpot Bot - Alias: G-Spot Bot, Backdoor.G_Spot.10, Backdoor.G_Spot.15, Backdoor.G_Spot.20
|
|
