Backdoor.BotGet.Ftp


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Backdoor.BotGet.Ftp is also known as W32/Sdbot.worm.bat.b (McAfee).

Explanation :

Backdoor.BotGet.Ftp?.Gen detects scripts used by some IRC bots (e.g. the SDBot family) and worms (e.g. Lovgate) to propagate from one computer to another.

Files detected are:

Backdoor.BotGet.FtpA.Gen is a batch file that runs the system utility FTP.EXE with an FTP script to download the worm onto the victim computer and execute it, then deletes the FTP script and finally deletes itself. (The FTP script is detected as Backdoor.BotGet.FtpB.Gen.)
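For triage of batch files found on a suspect host, the behaviours described above can be checked with a simple static heuristic. This is an added example, not BitDefender's detection logic. It assumes the FTP script is passed with FTP.EXE's -s: option and that the downloaded file is launched from the batch file; the sample scripts and file names are constructed.

```python
import re

# Heuristic patterns for the batch-file behaviours named in the description.
FTP_SCRIPT = re.compile(r'^\s*@?ftp(?:\.exe)?\b.*?\s-s:"?([^"\s]+)', re.I)
RUN_EXE = re.compile(r'^\s*@?(?:start\s+(?:/\S+\s+)*)?"?([^"\s]+\.exe)\b', re.I)
DELETE = re.compile(r'^\s*@?(?:del|erase)\b(.*)$', re.I)
SELF_REF = re.compile(r'%~?[a-z]*0\b', re.I)  # %0, %~f0, %~dpnx0
ALL_BEHAVIOURS = {"ftp_script", "runs_exe", "deletes_script", "deletes_self"}

# Constructed samples (not from the page): the described pattern, and a
# benign admin job that also uses an FTP script but stops there.
SAMPLE_DROPPER = "@echo off\nftp -n -s:script.txt\npayload.exe\ndel script.txt\ndel %0\n"
SAMPLE_ADMIN = "@echo off\nftp -s:upload.txt\ndel upload.txt\n"


def triage_batch(text):
    """Return the set of described behaviours found in a batch file's text."""
    found, script = set(), None
    for line in text.splitlines():
        m = FTP_SCRIPT.match(line)
        if m:
            script = m.group(1).lower()  # remember the FTP script name
            found.add("ftp_script")
            continue
        if script is None:
            continue  # only what happens after the FTP call is of interest
        m = RUN_EXE.match(line)
        if m and not m.group(1).lower().endswith("ftp.exe"):
            found.add("runs_exe")
        m = DELETE.match(line)
        if m:
            args = m.group(1).lower()
            if script in args:
                found.add("deletes_script")
            if SELF_REF.search(args):
                found.add("deletes_self")
    return found


def is_suspicious(text):
    """True only when all four behaviours occur together."""
    return triage_batch(text) == ALL_BEHAVIOURS


if __name__ == "__main__":
    for name, sample in (("dropper", SAMPLE_DROPPER), ("admin", SAMPLE_ADMIN)):
        print(name, sorted(triage_batch(sample)), is_suspicious(sample))
```

Requiring all four behaviours together keeps legitimate scheduled FTP transfers, which often delete their own command file, from being flagged.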

Computers on which such files are detected most likely lack operating system patches (see the Backdoor.SDBot.Gen / Backdoor.Agobot.3.Gen descriptions) and/or have weak passwords on accounts with administrator rights.

Usually, if such a file is found on a computer in a LAN, it is very possible that other systems may have been compromised as well.

Last update 21 November 2011
