Security firms are warning of a new series of Sdbot worms that install a "sniffer" component to steal passwords from unsuspecting users
Published:
15 September 2004 y., Wednesday
According to Symantec and Trend Micro, the newest Sdbot variants--Symantec actually calls them "Spybot"--exploit several vulnerabilities in Windows, including the RPC DCOM flaw that was used by last summer's MSBlast and the LSASS vulnerability exploited by 2004's Sasser.
Like both Sasser and MSBlast, Sdbot doesn't require user intervention to spread, but propagates across networks by finding unpatched systems.
When Sdbot locates a vulnerable PC, it adds backdoor components that let the attacker control the machine. The worms also creates a bot that uses NetBEUI (NetBios Extended User Interface) to capture passwords for such software as the instant messaging clients from Yahoo, AOL and Microsoft.
More important, however, is the addition of a network "sniffer" that monitors traffic on the local area network, specifically for log-on usernames and passwords. "If [Sdbot] can successfully transmit the filters packet captures back to the owner they are going to cause problems well beyond typical bot infestation," said Patrick Nolan, a researcher with the Internet Storm Center, in online advisory.
The Sdbots can also install more generalized keyboard loggers and steal keys from a number of popular games, including Unreal Tournament 2004, Battlefield 1942 and NASCAR Racing 2003.
Šaltinis:
TechWeb
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.
The most popular articles
Software company announced new structure_ of it_s business.
more »
search.lt presents newest links
more »
A new e-mail worm that's just beginning to wiggle its way across the Internet scours infected computers for image files containing child pornography, and alerts government agencies if any suspicious files are discovered.
more »
Two Teen Tech Titans Make the Grade
more »
The news that the Meta Group has found that between 65 and 75 percent of WAP users in Europe and Asia are no longer using their WAP services via their mobile phones, is indicative of this market segment.
more »
Trust services firm VeriSign Inc., owner of Network Solutions Inc., the largest registry/registrar in the world, Thursday threw the switch on its long-running Domain-Policy mailing list.
more »
If a Canadian firm successfully follows through with plans to retransmit network television content over the Internet, the multibillion-dollar entertainment industry could be thrown into the same sort of turmoil that the music industry faced because of th
more »
Criminal charges were brought against 90 people and companies Wednesday as part of a joint operation between the Justice Department and the National White Collar Crime Center -- charged with cutting down on Internet fraud.
more »
America Online, Inc.'s Instant Messenger service (AIM) is now available to VoiceStream Corp.'s 4 million subscribers.
more »
The web is often thought of either as a lawless place, filled with pornographers, gamblers, criminals and anarchists, or a vast virtual shopping mall where hordes of crazed consumers are feverishly maxing out their credit cards.
more »
search.lt presents newest links
more »