ThreatExpert's Statistics for Mal/Behav-268 [Sophos]:

Mal/Behav-268 [Sophos] is also known as:

Threat Alias	Number of Incidents
Trojan.Win32.Antavmu [Ikarus]	4
Backdoor.Sdbot [Symantec]	2
Backdoor.Win32.IRCBot.lzd [Kaspersky Lab]	2
Trojan.Win32.Antavmu.egh [Kaspersky Lab]	2
W32/Sdbot.worm!ds [McAfee]	2
Backdoor.IRC.Bot [Symantec]	1
Mal/Generic-A [Sophos]	1
Trojan.Win32.Buzus [Ikarus]	1
Trojan.Win32.Buzus.bubd [Kaspersky Lab]	1
VirTool:Win32/CeeInject.gen!A [Microsoft]	1
VirTool:Win32/CeeInject.gen!AA [Microsoft]	1
Win32/IRCBot.worm.variant [AhnLab]	1
Win-Trojan/Buzus.77392 [AhnLab]	1

Mal/Behav-268 [Sophos] has the following possible countries of origin:

Mal/Behav-268 [Sophos] is known to be created as:

%System%\twex.exe

%Temp%\ixp000.tmp\bob.exe

%Temp%\ixp000.tmp\cuti.exe

%Temp%\ixp000.tmp\reptile.exe

%Windir%\msmsgrs.exe

%Windir%\msupdate32.exe

Notes:

%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.