Posted 18/05/2005, 09:26
yokoshima
 
this is the virus I have...
Quote:
Backdoor.BotGet.Ftp

Name: Backdoor.BotGet.Ftp
Alias: W32/Sdbot.worm.bat.b (McAfee)
Type: Script Worm Backdoor
Size: -
Discovered: 22.09.2004
Detected: 22.09.2004
Spread: Medium
Damage: Medium
In The Wild:

Symptoms:

Technical description:

Backdoor.BotGet.Ftp?.Gen detects scripts used by some IRC bots (eg: SDBot family) and worms (eg: Lovgate) in propagation from one computer to another.

Files detected are

Backdoor.BotGet.FtpA.Gen is a batch file that runs the system utility FTP.EXE with an ftp script that downloads the worm on the victim computer and executes it, deletes the ftp script and then deletes itself (the ftp script is detected as Backdoor.BotGet.FtpB.Gen).

Computers on which such files are detected are most likely to lack patches for the Operating System (see Backdoor.SDBot.Gen / Backdoor.Agobot.3.Gen description) and/or have weak passwords on accounts with administrator rights.

Usually, if such a file is found on a computer in a LAN, it is very possible that other systems may have been compromised as well.

Disinfection:

Recommendations are removing suspicious entries in hives
HKCU and HKLM at

\Software\Microsoft\Windows\Current Version\Run or
\Software\Microsoft\Windows\Current Version\Runservices

install the latest patches and change passwords on all accounts with administrator rights, and also check for bogus user accounts with administrator rights (created by the virus) and delete them.

Disinfection tool:
N/A

Virus analyzed by:

Vicol Patrick
Bitdefender Virus Researcher
Recommendations are removing suspicious entries in hives
HKCU and HKLM at

\Software\Microsoft\Windows\Current Version\Run or
\Software\Microsoft\Windows\Current Version\Runservices

install the latest patches and change passwords on all accounts with administrator rights, and also check for bogus user accounts with administrator rights (created by the virus) and delete them.

what does that mean...??? I don't really understand what I have to do.... what are HKCU and HKLM, and then what do I have to do... I'm honestly lost..

do I have to change all the administrator passwords, and what do I have to check...??

please help me, explain it to me simply... not so technical....

regards and thanks...
__________________
Once the Dog is Dead.............the Rabies is Over :risa:
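
The checks named in the quoted disinfection steps, as an added example that is not part of the original post or of the Bitdefender text: a read-only PowerShell script that lists every value in the Run and RunServices keys under HKCU (current user) and HKLM (whole machine), plus the members of the local Administrators group, so unfamiliar entries can be reviewed. It assumes Windows PowerShell 5.1 or later; the function names are hypothetical, and the key names are written without a space (CurrentVersion, RunServices), as they appear in the registry.

```powershell
# Added example: read-only audit, nothing is modified or deleted.
$hives   = 'HKCU:', 'HKLM:'   # HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE
$subkeys = 'Software\Microsoft\Windows\CurrentVersion\Run',
           'Software\Microsoft\Windows\CurrentVersion\RunServices'

function Get-AutorunEntry {   # hypothetical helper name
    foreach ($hive in $hives) {
        foreach ($sub in $subkeys) {
            $path = "$hive\$sub"
            # RunServices is a legacy key and is often absent; skip it quietly.
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $key = Get-Item -LiteralPath $path
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key     = $path
                    Name    = $name
                    # Show the command exactly as stored, without expanding %VARS%.
                    Command = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                }
            }
        }
    }
}

function Get-LocalAdminMember {   # hypothetical helper name
    # S-1-5-32-544 is the built-in Administrators group. Using the SID avoids
    # the localized group name (for example "Administradores").
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object Name, ObjectClass, PrincipalSource
}

'Programs started automatically at logon or boot:'
Get-AutorunEntry | Format-Table -AutoSize -Wrap

'Accounts with administrator rights:'
Get-LocalAdminMember | Format-Table -AutoSize
```

Run it from an elevated PowerShell window; any autorun command or administrator account that nobody recognizes is a candidate for the removal steps in the quoted text.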