F-SdBot 1

Sdbot is a worm that gives a remote attacker full access to the victim's computer. It uses the IRC (Internet Relay Chat) protocol to establish a connection. Sdbot can spread via spam email messages or network shared drives, or be downloaded onto the computer by another user.

The backdoor function of this worm gives the attacker full access to the user's files. It also logs keystrokes to capture sensitive information from the user's PC, such as their user name and password. In addition, Sdbot compromises the user's online identity and sensitive information.

This malicious worm runs in the background and is invisible to users. However, most antivirus programs with an updated database will be able to detect and stop Sdbot before it can steal any information from the user.


  • AVG (GriSoft): BackDoor.Ircbot.XXK (Trojan horse)
  • Avira: TR/Spy.Gen
  • BitDefender: Generic.Malware.SIFB.AAB81248
  • ClamAV: PUA.Win32.Packer.Upx-53
  • Dr.Web: DLOADER.Trojan
  • F-Prot: W32/Bloop.A.gen!Eldorado
  • FortiNet: W32/IRCBot.C
  • Eset: Win32/IRCBot.NHP trojan (variant)
  • Panda: Suspicious
  • Rising: [Suspicious]
  • Sophos: Mal/IRCBot-C