Security software companies are warning that a group of worms called Sdbot will be able to install a sniffer tool to steal passwords from unsuspecting users.
New Sdbot variants (Symantec called Spybot) exploit some of the flaws in Windows, including the RPC DCOM bug that last year was exploited by the worm exploit and the LSASS vulnerability exploited by the Sasser virus, according to Symantec and TrenMicro. earlier this year.
Like these two worms, Sdbot disperses without the interaction of computer users. Instead, it spreads through the network by exploiting unpatched machines. When Sdbot identifies a vulnerable PC, it launches backdoor programs to allow an attacker to take control of the computer. These variants also provide a bot-based spy tool NetBios extended user interface (NetBEUI) to collect passwords for instant messengers from Yahoo, AOL and Microsoft.
However, it is worth noting here is the addition of the above sniffer, with the ability to monitor traffic on the local network, especially the collection of login and password. "If Sdbot can transmit what it has stolen to the author, it will pose more serious problems than the usual types of harassment programs," said Patrick Nolan, an expert on the Internet Storm Security Center. ), comment.
The Sdbot variant group can also install a more powerful keyboard tracker and steal some of the key CD keys, including some Unreal Tournament 2004 Battlefield 1942 and NASCAR Racing 2003
In another development, one of the variants of the Mydoom virus was discovered yesterday (Symantec called Mydoom.W, and Sophos called Mydoom.X) will use the infected PCs to launch a denial of service attack. The service is available on Symantec's website from September 29th to October 29th. US security software company is actively investigating information about this risk.
