Sdbot? wtf! - Tilted Forum Project Discussion Community

Fourtyrulz · 04-06-2005, 09:53 AM

I just got this brutal email from our local Resnet folks on campus:

Quote:

Your computer is exhibiting symptoms of being infected with sdbot-

<http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.s.html>
Sdbot is a trojan, which is different from run-of-the-mill viruses in
that someone, somewhere can have complete control of your machine
whenever they wish. Why can't I just remove the virus? Well...
The problem with just cleaning up is that the machine has potentially
been under the complete control of someone else. You *can't* know what
else may have been done to the machine, nor what else may have been
installed. Examples of things that *could* have been placed on the
machine include sniffers, keystroke loggers, backdoor services,... The
list is endless. Removing the sdbot files won't touch any other
malware on the machine. Personal information, such as credit card
numbers, passwords, etc. are also in jeopardy while using a computer
infected with sdbot.
As a result of the infection, your network connection has been
disabled. In order to restore Internet access you will need to reformat
your computer using the instructions at our website-
Once you have reformatted, reply to this e-mail address stating you
have reformatted and give your first and last name and your connection
can be re-enabled.
After your connection is re-enabled, make sure you have the
University's anti-virus software installed-

Also, you will want to visit Windows Update and download all critical
patches-

-ResNet Staff

And my question is a pretty simple one. How the hell did I get an sdbot trojan? I never download anything, my computer is password protected, and I only visit a select few sites. For those of you who have read anything about my current roomate problems, I was wondering if there is a way to use a boot disk or something to give me an sdbot trojan. Because I honestly don't know how I could have gotten it any other way!

Dilbert1234567 · 04-06-2005, 02:43 PM

There is a new variant of it out just recently, it is not known by anti virus definitions yet. I’m dealing with it at work right now; as soon as I isolate it ill ship it off to the proper channels.

To answer your question, Trojans gain access through exploits in the system, this Trojan uses a yet unknown exploit, it is being worked on. it gets in through the network.

shadowalker · 04-06-2005, 03:05 PM

Not to take away from the post, I just love the quote on there message

As a result of the infection, your network connection has been
disabled. In order to restore Internet access you will need to reformat
your computer using the instructions at our website-
Once you have reformatted, reply to this e-mail address stating you
have reformatted and give your first and last name and your connection
can be re-enabled.

If thay have disabled your network connection how are you supposed to visit there website and get the information on formattion your system to there specs?

P-Naughty · 04-06-2005, 03:10 PM

Yeah, I thought it looked pretty shady myself. I'd call the people and make sure this isn't some BS "teddy bear virus" style e-mail. These virus hoax e-mails pose as serious a threat as a real virus.

ratbastid · 04-06-2005, 04:13 PM

Quote:

Originally Posted by shadowalker

If thay have disabled your network connection how are you supposed to visit there website and get the information on formattion your system to there specs?

For that matter, how are you supposed to get this email?

spillblood · 04-06-2005, 07:17 PM

i had the same problem b4 but my internet company didnt even tell me i have a virus they just cut me off. after two days of no internet i called rogers and asked why my internet was down. talked to three different ppl and didnt find out anything i was just told they would look into it. a week and a half later after calling a few times i found out from them i had a trojan and that they had removed my internet after fixing the problem i called and hooked it back up and what to i see in my inbox 2 emails from them saying that i had a trojan and they were shuting me down both mailed after they had cut me off. the best part is they made me paid for the time i was cut off! good old rogers

Fourtyrulz · 04-06-2005, 08:02 PM

Quote:

For that matter, how are you supposed to get this email?

That's the first thing that I thought too. But luckily here on campus there's no shortage of computer labs, so I just ran downstairs to check my email and there it was. It's perfectly legit too, just last month I had to help a friend reformat his computer after getting a similar email.

Dilbert,
Doesn't this kind of stuff just piss you off? I have 2 firewalls and Symantec antivirus which is managed by the universities resnet but yet I still managed to get some lame ass trojan. The way I see it, they screwed up not me!

Dilbert1234567 · 04-06-2005, 08:08 PM

yeah it sucks its realy ovious what systems are doing it, we can find them in under 30 sec of looking, they are spamming like crazy.

basicly they are right, the trojan gives outsiders full control, remove all inportant files and reformat the thing.

d3cemberist · 04-08-2005, 05:32 PM

I once got hit with one of those. It was a bitch to remove..

04-06-2005, 02:43 PM	#2 (permalink)
Dilbert1234567 Devils Cabana Boy Location: Central Coast CA	There is a new variant of it out just recently, it is not known by anti virus definitions yet. I’m dealing with it at work right now; as soon as I isolate it ill ship it off to the proper channels. To answer your question, Trojans gain access through exploits in the system, this Trojan uses a yet unknown exploit, it is being worked on. it gets in through the network. __________________ Donate Blood! "Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen

04-06-2005, 03:05 PM	#3 (permalink)
shadowalker Psycho Location: Firefox yourself and change the world!	Not to take away from the post, I just love the quote on there message As a result of the infection, your network connection has been disabled. In order to restore Internet access you will need to reformat your computer using the instructions at our website- Once you have reformatted, reply to this e-mail address stating you have reformatted and give your first and last name and your connection can be re-enabled. If thay have disabled your network connection how are you supposed to visit there website and get the information on formattion your system to there specs? __________________ I'll make ya famous!

04-06-2005, 03:10 PM	#4 (permalink)
P-Naughty Crazy Location: Georgia Southern University	Yeah, I thought it looked pretty shady myself. I'd call the people and make sure this isn't some BS "teddy bear virus" style e-mail. These virus hoax e-mails pose as serious a threat as a real virus. __________________ I will not walk so that a child may live! - Master Shake

04-06-2005, 08:08 PM	#8 (permalink)
Dilbert1234567 Devils Cabana Boy Location: Central Coast CA	yeah it sucks its realy ovious what systems are doing it, we can find them in under 30 sec of looking, they are spamming like crazy. basicly they are right, the trojan gives outsiders full control, remove all inportant files and reformat the thing. __________________ Donate Blood! "Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen

04-06-2005, 07:17 PM	#6 (permalink)
spillblood Tilted	i had the same problem b4 but my internet company didnt even tell me i have a virus they just cut me off. after two days of no internet i called rogers and asked why my internet was down. talked to three different ppl and didnt find out anything i was just told they would look into it. a week and a half later after calling a few times i found out from them i had a trojan and that they had removed my internet after fixing the problem i called and hooked it back up and what to i see in my inbox 2 emails from them saying that i had a trojan and they were shuting me down both mailed after they had cut me off. the best part is they made me paid for the time i was cut off! good old rogers

04-08-2005, 05:32 PM	#9 (permalink)
d3cemberist Crazy	I once got hit with one of those. It was a bitch to remove..