Some variants try to guess user names and passwords on remote systems to let them spread to secured machines on the network. Once it’s established, it tries to copy itself to any machine connected to the original victim. When it’s launched, it copies itself into the system directory and writes into the Registry keys that allow it to function unmolested.
Method of promulgation: Agobot can arrive as an attachment in e-mail, through a file transfer in instant messaging, or directly across the network using remote procedure calls, Universal Plug and Play directives, buffer overflows and other security vulnerabilities in Windows systems. The source code is widely available on illegal software servers known as Warez sites new variants are popping up all the time. Variants: Win32/Agobot, Backdoor.Agobot.3.gen,, !poly, and dozens of others. The Agobot code includes functions that let it check for instructions in specific chat areas.
But the attackers did follow a pattern consistent with the Agobot/Phatbot family, which consists of dozens of variants on a worm called Agobot that was created in northern Europe in the late 1990s.ĭescription: When launched on a victim’s computer, Agobot becomes a back door that allows the attacker to control the computer by issuing commands through Internet Relay Chat (IRC). It’s not entirely clear which virus or worm corrupted the machines used in a large-scale distributed denial-of-service attack against Akamai last June.
0 kommentar(er)
