This worm may propagate through the following techniques:
- AOL Instant Messenger (needs a remote-user-intervention)
- Internet Relay Chat
- Microsoft Vulnerabilities (MS04-007& MS05-039)
Most of its strings are encrypted using its own encryption table. One noticeable string on its body, upon decryption, is “[Reptile – 0.33]”.
So if you are not sure if the link being sent to you on Instant Messenger(et. al., AOL, Yahoo, MSN), DO NOT click the link.
For complete technical analysis and removal instructions, please see the links below:
WORM_SDBOT.CWG Technical Details
WORM_SDBOT.CWG Removal Instructions