New Worms Sniff For Passwords

Published: 15 September 2004 y., Wednesday
According to Symantec and Trend Micro, the newest Sdbot variants--Symantec actually calls them "Spybot"--exploit several vulnerabilities in Windows, including the RPC DCOM flaw that was used by last summer's MSBlast and the LSASS vulnerability exploited by 2004's Sasser. Like both Sasser and MSBlast, Sdbot doesn't require user intervention to spread, but propagates across networks by finding unpatched systems. When Sdbot locates a vulnerable PC, it adds backdoor components that let the attacker control the machine. The worms also creates a bot that uses NetBEUI (NetBios Extended User Interface) to capture passwords for such software as the instant messaging clients from Yahoo, AOL and Microsoft. More important, however, is the addition of a network "sniffer" that monitors traffic on the local area network, specifically for log-on usernames and passwords. "If [Sdbot] can successfully transmit the filters packet captures back to the owner they are going to cause problems well beyond typical bot infestation," said Patrick Nolan, a researcher with the Internet Storm Center, in online advisory. The Sdbots can also install more generalized keyboard loggers and steal keys from a number of popular games, including Unreal Tournament 2004, Battlefield 1942 and NASCAR Racing 2003.
Šaltinis: TechWeb
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.

Facebook Comments

New comment


Captcha

Associated articles

search.lt news

search.lt presents newest links more »

The Ransom Letter

Authorize.Net Battles Extortion Attempts more »

Sun Strikes Grid Computing Pact with Bank

One week after touting its grid computing and other technologies on Wall Street for financial services customers, Sun Microsystems agreed to provide a Paris-based bank with more than 100 servers to power its transactions more »

PalmSource unveils smartphone operating system

Palm Cobalt OS to ship with new devices next year more »

Highlighting New Projects

Microsoft Scientists Offer Glimpse of the Future at European Innovation Fair more »

EU chief seen as keen to push Oracle merger through

European Commission wants to reach a decision on hostile bid before the end of October more »

IT security culture must start from the top

Global survey warns senior execs against 'delegating' security awareness more »

Sasser author gets IT security job

Sven Jaschan, self-confessed creator of the destructive NetSky and Sasser worms, has been hired by German security company Securepoint more »

search.lt news

search.lt presents newest links more »

IBM embraces grid converts

IBM has signed on five corporate customers and the Environmental Protection Agency to its ongoing grid computing initiative more »