F-SdBot 1

Sdbot is a worm that provides a remote attacker full access on the victim’s computer. It uses an IRC (Internet Relay Chat) protocol to establish a connection. Sdbot can spread via spam email messages, network shared drives or downloaded by another on to the computer.

Backdoor function of this worm gives the attacker full access on your files. It also registers vital information from your PC such as user name and password. Other than that, Sdbot also compromises your online identity and sensitive information.

This malicious worm runs in the background and is invisible to users. However, most antivirus programs with update database will be able to capture Sdbot before it can further infect the computer.


  • AVG (GriSoft): BackDoor.Ircbot.XXK (Trojan horse)
  • Avira: TR/Spy.Gen
  • BitDefender: Generic.Malware.SIFB.AAB81248
  • clamav: PUA.Win32.Packer.Upx-53
  • Dr.Web: DLOADER.Trojan
  • F-Prot: W32/Bloop.A.gen!Eldorado
  • FortiNet: W32/IRCBot.C
  • Eset: Win32/IRCBot.NHP trojan (variant)
  • panda: Suspicious
  • rising: [Suspicious]
  • Sophos: Mal/IRCBot-C