New Worms Sniff For Passwords

Published: 15 September 2004 y., Wednesday
According to Symantec and Trend Micro, the newest Sdbot variants--Symantec actually calls them "Spybot"--exploit several vulnerabilities in Windows, including the RPC DCOM flaw that was used by last summer's MSBlast and the LSASS vulnerability exploited by 2004's Sasser. Like both Sasser and MSBlast, Sdbot doesn't require user intervention to spread, but propagates across networks by finding unpatched systems. When Sdbot locates a vulnerable PC, it adds backdoor components that let the attacker control the machine. The worms also creates a bot that uses NetBEUI (NetBios Extended User Interface) to capture passwords for such software as the instant messaging clients from Yahoo, AOL and Microsoft. More important, however, is the addition of a network "sniffer" that monitors traffic on the local area network, specifically for log-on usernames and passwords. "If [Sdbot] can successfully transmit the filters packet captures back to the owner they are going to cause problems well beyond typical bot infestation," said Patrick Nolan, a researcher with the Internet Storm Center, in online advisory. The Sdbots can also install more generalized keyboard loggers and steal keys from a number of popular games, including Unreal Tournament 2004, Battlefield 1942 and NASCAR Racing 2003.
Šaltinis: TechWeb
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.

Facebook Comments

New comment


Captcha

Associated articles

NASA to merge media archives

Space officials want proposals for a NASA archiving system that would create a one-stop multimedia source for the public more »

Google Focuses Local Ad Targeting

Search giant Google will offer its advertisers the chance to more tightly target the geographical areas where their ads will be seen more »

'Linspiration' Hits Lindows

Lindows executives have rolled out a new moniker for its desktop Linux software and the name is...Linspire more »

Spam reaches new high in March

More than one million junk emails sent on one day alone more »

Internet nonprofit meets with U.N.

U.S. company controls domain names; security, governing discussed more »

ITT fashion spring “CeBIT 2004”

18th world’s largest information technologies’ and telecommunications’ exhibition “CeBIT 2004”, which takes place in Hanover (Germany) annually, has already ended. more »

Foreign fraud hits U.S. e-commerce firms hard

Top offending countries: Yugoslavia, Nigeria, Romania more »

'Buffalo Spammer' convicted

A man accused of using EarthLink Inc. e-mail accounts to release a flood of unsolicited commercial ("spam") e-mail on the Internet has been convicted on charges of identity theft and falsifying business records more »

Google Gets E-Mail

Search player Google is getting into the e-mail game more »

New eMail Tales in Microsoft's Minn. Case

Microsoft officials sought to dissuade Intel from investing in handwriting software startup GO Corporation in 1990, according to the latest round of e-mail evidence more »