We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Win32/Wootbot
Detected by Microsoft Defender Antivirus
Aliases: W32.Spybot.Worm (Symantec) WORM_FORBOT (Trend Micro) WORM_WOOTBOT (Trend Micro) W32/Sdbot.worm (McAfee) Win32.Forbot (CA)
Summary
Windows Defender Antivirus detects and removes this threat.
Win32/Wootbot is a family of network worms that target certain versions of Microsoft Windows.
The worm spreads to writeable network shares as well as MySQL and Microsoft SQL Server application servers. It also spreads by exploiting various Windows vulnerabilities. The worm has a backdoor component that connects to an IRC server and joins a specific channel to receive commands from attackers.
Follow us
