Security firms are warning of a new series of Sdbot worms that install a "sniffer" component to steal passwords from unsuspecting users
Published:
15 September 2004 y., Wednesday
According to Symantec and Trend Micro, the newest Sdbot variants--Symantec actually calls them "Spybot"--exploit several vulnerabilities in Windows, including the RPC DCOM flaw that was used by last summer's MSBlast and the LSASS vulnerability exploited by 2004's Sasser.
Like both Sasser and MSBlast, Sdbot doesn't require user intervention to spread, but propagates across networks by finding unpatched systems.
When Sdbot locates a vulnerable PC, it adds backdoor components that let the attacker control the machine. The worms also creates a bot that uses NetBEUI (NetBios Extended User Interface) to capture passwords for such software as the instant messaging clients from Yahoo, AOL and Microsoft.
More important, however, is the addition of a network "sniffer" that monitors traffic on the local area network, specifically for log-on usernames and passwords. "If [Sdbot] can successfully transmit the filters packet captures back to the owner they are going to cause problems well beyond typical bot infestation," said Patrick Nolan, a researcher with the Internet Storm Center, in online advisory.
The Sdbots can also install more generalized keyboard loggers and steal keys from a number of popular games, including Unreal Tournament 2004, Battlefield 1942 and NASCAR Racing 2003.
Šaltinis:
TechWeb
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.
The most popular articles
Software company announced new structure_ of it_s business.
more »
Saudi authorities have blocked access to a site on Yahoo's Web portal that contains pornographic and other offensive material, a Saudi official said today.
more »
Someday you'll be able to download the Bible from the heavens. Well, from the Internet anyway.
more »
The goofy DirecTV ad starring Arnold Schwarzenegger has found a new home in a burning orphanage.
more »
Media is very powerful in Lithuania just being a watchdog for official power holders – state authorities. People trust them most, so media is able to use this trust in defining what is good and what is bad in society. Some speculations are present, but Lithuanian press, radio, TV and Internet do a lot to promote so called information society which is essential for a civil society: the main goal of contemporary democracy. How has media been developing and why it is so important in shaping the society?
more »
Thanks to an online onslaught by teen-agers there are now more women than men on the World Wide Web.
more »
Aug 10 2000: Estonia is still showing signs of an emerging information society, with 21 percent of the population now using the Internet.
more »
The family of late guitar legend Jimi Hendrix has won a battle in cyberspace after a U.N. arbitrator awarded it the rights to the Internet domain name jimihendrix.com.
more »
Exams in Internet are getting more popular. “Infoteka” was very interested in statistics and especially in the evaluation of Lithuanian participants.
more »
A study by Roper Starch Worldwide has found sharp rises in PC ownership and Internet use around the world.
more »
The National Infrastructure Protection Center (NIPC), the FBI's computer crime investigation organization, has announced plans to chair the world's first summit on global Internet security.
more »