{
  "family": "sdbot",
  "sample_count": 1931,
  "category": "rat",
  "description": "SDBot is a long-running IRC-controlled botnet family with origins in the early 2000s that established many techniques used by later botnets, including modular plugins, network-share propagation, and DDoS capability. The leaked SDBot source code spawned countless derivatives. While the original SDBot is now largely historical, the avclass label continues to capture many derivative IRC-bot families.",
  "cta": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.",
  "aliases": [
    "rbot",
    "spybot"
  ],
  "enrichment_level": "hand-curated",
  "faq": [
    {
      "@type": "Question",
      "name": "What is Sdbot?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "SDBot is a long-running IRC-controlled botnet family with origins in the early 2000s that established many techniques used by later botnets, including modular plugins, network-share propagation, and DDoS capability. The leaked SDBot source code spawned countless derivatives. While the original SDBot is now largely historical, the avclass label continues to capture many derivative IRC-bot families."
      }
    },
    {
      "@type": "Question",
      "name": "How does Sdbot spread?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "SdBot (RBot) is an older IRC-controlled backdoor family spread through network share exploitation, weak passwords, and bundled with cracked software."
      }
    },
    {
      "@type": "Question",
      "name": "What are the signs of a Sdbot infection?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Outbound IRC traffic on non-standard ports, unfamiliar admin accounts created on the system, and AV detections for SdBot, RBot, or Spybot indicate compromise."
      }
    },
    {
      "@type": "Question",
      "name": "What should I do if I think I have Sdbot on my system?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance."
      }
    }
  ],
  "faq_count": 4,
  "mitre_attack": [
    "T1547.001",
    "T1071.001"
  ],
  "cisa_advisory": null,
  "last_updated": "2026-05-27"
}