We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Backdoor:Win32/Poebot
Detected by Microsoft Defender Antivirus
Aliases: W32.Spybot.Worm (Symantec) W32/Sdbot.worm.gen (McAfee) WORM_POEBOT (Trend Micro) Win32/Linkbot (CA)
Summary
Backdoor:Win32/Poebot is a family of backdoor trojans that allow remote attackers to control infected computers. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting unpatched vulnerabilities, and spreading through backdoor ports opened by other families of malicious software. The trojan can also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers. In addition, the trojan may be used to steal CD keys and licensing credentials for various online games.
To detect and remove this trojan, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, visit http://www.microsoft.com/athome/security/downloads/default.mspx
Follow us
