New trojan being used to launch attacks, send spam (Phatbot)

The Age ^ | 3/18/2004 | Sam Varghese

[Born Conservative]

Malicious attackers have embraced a new tool that uses the peer-to-peer concept employed by file-sharing software to create bigger networks under their command, using which they can flood people with either malware or spams.

The new tool is a trojan which is being called Phatbot by security researchers. It links each computer it infects into a network and the attacker can then issue commands to the bot through any of the commandeered machines.

This effectively means that unless all the infected machines are shut down, the attacker can continue to issue instructions through those which have not been taken down.

The bot disables a large number of anti-virus software packages and commonly used firewalls. It tests the available bandwidth by posting large files to a number of web sites, according to an analysis by security services provider LURHQ.

The bot can steal AOL logins and passwords, steal CD keys for several popular games, harvest email both from the web and locally for the purpose of sending spam.

LURHQ senior security researcher Joe Stewart said in a posting to the incidents mailing list maintained by Security Focus, that he had heard reports that led him to believe that infections may be in the low hundreds of thousands.

"The question I would pose is: are those hundreds of thousands infected hosts actually part of the botnet at any given time? The WASTE P2P protocol the botnet uses is not built for large numbers of peers," he wrote.

Stewart said he had connected to some clients, examined the traffic passing through the node and found about 1000 unique nicknames in about an hour or so. "So, even though total infections may be high, the actual number of bots available to the owner at any one time is still in question in my mind," he wrote.

[martin_fierro]

FREE PC PROTECTION: (Not an exhaustive list. Your results may vary. Void where prohibited. For entertainment purposes only. No wagering, please. Whattayawantfernuthin'.)

Alternative browsers: Mozilla Opera AVG Anti-Virus Free Edition: Free anti-viral protection Popup ad killers: Bayden Systems Popup Popper: Blocks popup ads well in MSIE Shoot the Messenger: Close that friggin' Messenger in Windows XP Spyware removers: Spybot S&D AdAware MailWasher: Good for pre-screening & bouncing SPAM Windows Update: At least install the critical ones ZoneAlarm: Excellent Firewall Test your firewall from without with ShieldsUP! Test your firewall from within with LeakTest LAST BUT NOT LEAST: Explore Linux as an alternative OS, without installing it on your hard drive, via a free bootable CD-ROM! Download Knoppix (or one of these other Linux distributions), burn the ISO file onto a CD-ROM, and reboot with the CD-ROM in its drive.

[cyborg]

I didn't know there was a miss internet.

[Fiddlstix]

BTTT

[rface]

I thought Trojans(tm) were supposed to protect against viruses

[Liberty Valance]

Hope this one doesn't get to me before I ca

[martin_fierro]

I'm still tryin' to figure out what one has to do to become Miss Internet.

But you've got my vote. <|:)~

[cyborg]

LOL okay!

[proxy_user]

The new release 9.1 of Suse Linux is being discussed on Slashdot now.

The personal edition will come with a bootable CD so you can try out Linux without installing it. The list price will be $29.95. How can anyone resist?

(Note: Availble soon, but not yet)

[Thoro]