Sdbot.add includes a Lockx.exe rootkit that hides the worm in a computer. Hackers can also use the rootkit to cloak their own malware.
FaceTime Security Labs, which identified the worm late last month, said it has found a rootkit-linked ster.exe file containing six additional files that give the attacker the ability to upload to, download from, and monitor the infected host PC.
The software has been linked to a group in the Middle East and has the potential to steal Microsoft Outlook Express email passwords and log keystrokes. The infected computers can also be used as a platform for launching attacks on Web sites or networks, FaceTime said.
The attackers have compromised multiple servers hosted by Internet service providers worldwide to distribute the malware payload, FaceTime said.
The research group is a division of security firm FaceTime Communications, based in Foster City, Calif.