Panda Reports....

<< Hack & Counter Hack Seminar | Home | PSITE helps in Security Awareness >>

Panda Reports....

Tuesday, September 14, 2004 8:59 AM

“..The last worm in this report is Sdbot.AQA, which spreads across computer networks. It does this by checking if the PC it has infected is connected to a network. If that is the case, it attempts to access and copy itself to shared resources, by trying typical or simple passwords.

Sdbot.AQA allows hackers to gain remote access to the affected computer in order to carry out actions that compromise user confidentiality or prevent the computer from working properly. Sdbot.AQA uses its own IRC client in order to join an IRC channel and accept remote control commands, such as launching Denial of Service (DoS) attacks against websites. It can also download and run files on the affected computer.”

Feedback

# re: Panda Reports....

From Security Focus:

A new worm whose payload includes the SDBot trojan tries to install a "sniffer," seeking to use infected computers to capture login and banking information for other computers on the same network. While sniffers are hardly new, the bundling of a sniffer with an auto-propagating worm is a new wrinkle, according to security firms.
Sniffers are devices that monitor network traffic, and are a useful network administration tool. They can also be useful to hackers, who install them on compromised computers to monitor and intercept packets flowing through a network. This in turn enables the attacker to capture unencrypted usernames and passwords, which can be used to compromise additional machines on the network.

The sniffing capabilities of the new Worm-SDBot were documented by Trend Micro, and include a list of phrases associated with logins for network administration or Paypal accounts. "If the trojans described by Trend can successfully transmit the filter's packet captures back to the owner, they are going to cause problems well beyond typical bot infestation issues," according to the Internet Storm Center.

Malicious sniffers can be difficult to detect because their activity involves collecting packets, rather than transmitting them. Checking to see whether a network card is set in promiscuous (sniffing) mode is a common approach for users concerend about their own machines. Tools for detecting snifffers elsewhere on a network include Sentinel, AntiSniff
9/14/2004 11:18 PM | wilson