Backdoor:W32/SdBot.CKF is a backdoor. Backdoors are remote administration utilities that open infected machines to external control via the Internet or a local network. Upon execution, SdBot.CKF attempts to connect to an IRC server and to download additional malware to the infected machine.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Upon execution, SdBot.CKF will create a copy of itself in the following location:
It creates the following registry entry to automatically start with Windows:
Once the backdoor is active, it connects to an IRC server, joins a certain channel and acts as a bot. The backdoor will try to contact the following IRC server:
Then it joins the following channels:
The malware attempts to download from the following locations:
The files are detected as follows:
Here are more commands used by the bot:
Another sign of infection by this malware is an outbound connection to http.xn--mg-kka.com.
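One way to check DNS or proxy logs for that outbound connection is sketched below. It is an added example, not part of the original description or of any F-Secure tooling; the log layout and the sample lines are constructed, and only the hostname comes from this page. Names are normalised first so that upper-case, trailing-dot, URL and Unicode (IDN) spellings of the host all match.

```python
"""Flag log lines that name the SdBot.CKF indicator host (added example)."""
from urllib.parse import urlsplit

IOC_HOST = "http.xn--mg-kka.com"  # the one indicator value taken from the page


def normalise_host(token):
    """Return the lower-case ASCII (A-label) host named by a log token, or None."""
    token = token.strip("\"',;()<>")
    try:
        # URLs carry the host inside; bare tokens may carry a ":port" suffix.
        host = urlsplit(token).hostname if "://" in token else token.split(":")[0]
        host = (host or "").rstrip(".").lower()  # drop the DNS root dot
        # The idna codec converts Unicode labels to their xn-- form.
        return host.encode("idna").decode("ascii") or None
    except ValueError:  # malformed URL or label (UnicodeError is a ValueError)
        return None


def is_ioc_host(host):
    """True for the indicator host itself or any name beneath it."""
    return host == IOC_HOST or host.endswith("." + IOC_HOST)


def scan(lines):
    """Return (line_number, matched_host) for every line naming the indicator."""
    hits = []
    for number, line in enumerate(lines, 1):
        hosts = (normalise_host(tok) for tok in line.split())
        match = next((h for h in hosts if h and is_ioc_host(h)), None)
        if match:
            hits.append((number, match))
    return hits


# Constructed sample lines in an assumed "time client action value" layout.
UNICODE_FORM = IOC_HOST.encode("ascii").decode("idna")  # same host, U-label spelling
SAMPLE_LOG = [
    "2024-01-10T08:15:02Z 10.0.0.21 QUERY HTTP.XN--MG-KKA.COM.",
    "2024-01-10T08:15:03Z 10.0.0.21 GET http://http.xn--mg-kka.com:80/",
    f"2024-01-10T08:16:40Z 10.0.0.34 QUERY {UNICODE_FORM}",
    "2024-01-10T08:17:11Z 10.0.0.34 QUERY www.example.com",
    "2024-01-10T08:17:12Z 10.0.0.34 QUERY http.xn--mg-kka.com.example.net",
]

if __name__ == "__main__":
    for number, host in scan(SAMPLE_LOG):
        print(f"line {number}: contact with {host}")
```

The last sample line is a deliberate negative: the indicator appears only as a prefix of another domain, so it is not reported.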