Backdoor.Rbot.gen
Backdoor.Rbot.gen (Kaspersky Lab) is also known as: IRC-Sdbot (McAfee), W32.Spybot.Worm (Symantec), Win32.HLLW.MyBot (Doctor Web), W32/Rbot-BY (Sophos), Backdoor:Win32/Rbot (RAV), Worm/Sdbot.39936.B (H+BEDV), Win32:SdBot-194-B (ALWIL), IRC/BackDoor.SdBot.28.F (Grisoft), Backdoor.SDBot.Gen (SOFTWIN)
Description added: Aug 06 2004
Behavior: Backdoor
Backdoor.Rbot is a family of Trojan programs for Windows which give the person controlling them remote access to victim machines. The Trojans are controlled via IRC, and have the following functions:
- monitor networks for interesting data packets (i.e. those containing passwords to FTP servers, and e-payment systems such as PayPal etc.)
- scan networks for machines which have unpatched common vulnerabilities (RPC DCOM, UPnP, WebDAV and others); for machines infected by Trojan programs (Backdoor.Optix, Backdoor.NetDevil, Backdoor.SubSeven and others) and by the Trojan components of worms (I-Worm.Mydoom, I-Worm.Bagle); for machines with weak system passwords
- conduct DoS attacks
- launch SOCKS and HTTP servers on infected machines
- send the user of the program detailed information about the victim machine, including passwords to a range of computer games