Table 4.8 continued
File Names Agobot Uses to Spread Malware via P2P

Set A                             Set B (%s = )
%s - Game Trainer                 Cameron Diaz
%s - Idem Duplicator              Carmen Electra
%s - Internet Play Fix            Chandra North
%s - Item Hack                    Charlize Theron
%s - Map Hack                     Christina Aguilera
%s - Multiplayer Cheat            Donna D’Erico
%s - Newest Patch                 Emma Sjoberg
%s - NOCD Patch                   Gillian Anderson
%s - Tweaking utility             Halle Berry
%s - Unlimited Healt Trainer      Helena Christensen
%s - Unlock Everything Trainer    Jessica Alba
%s 3D Setup                       Jolene Blalock
%s newest version crack           Karina Lombard
                                  Kate Moss
                                  Katie Price
                                  Kelly Hu
                                  Kirsten Dunst
                                  Kylie Bax
                                  Kylie Minogue
                                  Lexa Doig
                                  Michelle Behennah
                                  Pamela Anderson
                                  Salma Hayek
                                  Samantha Mumba
                                  Sandra Bullock
                                  Shakira
                                  Stacey Keibler
Source: Trend Micro Inc. (www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FAGOBOT%2EGEN&VSect=T)
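The file names in Table 4.8 can be turned into a triage check for P2P shared folders. The sketch below is an added example, not code from the book or from Trend Micro: it flags paths whose file name matches one of the %s entries or one of the listed names. It assumes %s stands for any non-empty title (so it is treated as a wildcard), and the function names and sample paths are constructed for illustration. A hit is a lead for investigation, not proof of infection.

```python
import re
from pathlib import PureWindowsPath

# Both lists are copied from the rows of Table 4.8 shown above.
TEMPLATES = [
    "%s - Game Trainer", "%s - Idem Duplicator", "%s - Internet Play Fix",
    "%s - Item Hack", "%s - Map Hack", "%s - Multiplayer Cheat",
    "%s - Newest Patch", "%s - NOCD Patch", "%s - Tweaking utility",
    "%s - Unlimited Healt Trainer", "%s - Unlock Everything Trainer",
    "%s 3D Setup", "%s newest version crack",
]
NAMES = [
    "Cameron Diaz", "Carmen Electra", "Chandra North", "Charlize Theron",
    "Christina Aguilera", "Donna D’Erico", "Emma Sjoberg", "Gillian Anderson",
    "Halle Berry", "Helena Christensen", "Jessica Alba", "Jolene Blalock",
    "Karina Lombard", "Kate Moss", "Katie Price", "Kelly Hu", "Kirsten Dunst",
    "Kylie Bax", "Kylie Minogue", "Lexa Doig", "Michelle Behennah",
    "Pamela Anderson", "Salma Hayek", "Samantha Mumba", "Sandra Bullock",
    "Shakira", "Stacey Keibler",
]

def _norm(text):
    """Fold case, apostrophe style and runs of whitespace before comparing."""
    return re.sub(r"\s+", " ", text.replace("’", "'")).strip().lower()

def _template_regex(template):
    # Assumption: %s stands for any non-empty title, so it becomes a wildcard.
    head, tail = _norm(template).split("%s")
    return re.compile(re.escape(head) + r".+?" + re.escape(tail))

RULES = [(t, _template_regex(t)) for t in TEMPLATES]
BY_NAME = {_norm(n): n for n in NAMES}

def match_lure(path):
    """Return the table entry a shared-file path matches, or None."""
    p = PureWindowsPath(path)
    for cand in (_norm(p.stem), _norm(p.name)):  # without and with extension
        if cand in BY_NAME:
            return BY_NAME[cand]
        for template, rx in RULES:
            if rx.fullmatch(cand):
                return template
    return None

def triage(paths):
    """Map each flagged path to the table entry that flagged it."""
    hits = {p: match_lure(p) for p in paths}
    return {p: hit for p, hit in hits.items() if hit}

# Constructed sample listing of a P2P shared folder (not real data).
SAMPLE = [r"C:\Shared\Example Game - NOCD Patch.exe",
          r"C:\Shared\halle  berry.scr", r"C:\Shared\holiday-photos.zip"]
```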
www.syngress.com
Common Botnets • Chapter 4
Spybot
Spybot is an evolution of SDBot. Like SDBot, the Spybot code is open source and available for the public to modify and contribute to, to help develop further functionality for the product. What mainly differentiates Spybot from SDBot is that Spybot adds a number of spyware-like capabilities such as keystroke logging, e-mail address harvesting, Web-surfing activities, and more.
Aliases
Again, antivirus and security vendors rarely agree on naming conventions, so the same threat can have multiple names, depending on which vendor is supplying the information. Here are some aliases for Spybot from the top antivirus vendors:
■ McAfee: W32/Spybot.worm.gen
■ Symantec: W32.Spybot.Worm
■ Trend Micro: Worm_Spybot.gen
■ Kaspersky: Worm.P2P.SpyBot.Gen
■ CA: Win32.Spybot.gen
■ Sophos: W32/Spybot-Fam
Infection
Spybot spreads through a variety of methods, including the standard attempt to propagate by finding open network shares with weak or nonexistent security. Spybot also spreads via some P2P networks and seeks out systems compromised by other worms or malware to leverage existing backdoors or open ports to infect systems.

Spybot contains the standard bot functionality of providing a backdoor for a botherder to command and control the infected machine, but it also adds some unique new features, such as the ability to broadcast spam over Instant Messaging (SPIM). It also attempts to modify the registry to interfere with various functions, for example blocking the user from installing Windows XP SP2 or disabling the Windows XP Security Center.