Botnets - The killer web applications

Cloning
A clone is any connection to an IRC server over and
above the first connection.
www.syngress.com
Chapter 1 • Botnets: A Call to Action



BNC (Bounce)
A method for anonymizing Bot client access to a
server.
Today, all variations of bot technology that are based on mIRC are said to
be members of the GT Bot family. These bot clients did not include a mechanism
for spreading themselves directly. Instead, they would use variations on social
engineering ploys. A common ploy used to infect systems was an e-mail that
claimed to be from a security vendor. If the user clicked on the embedded
link, they were taken to a Web site that delivered the client to the victim.
These early botnet clients were not modular, but rather were all contained in
a single package.
SDBot
Early in 2002, SDBot appeared. It was written by a Russian programmer
known as sd. SDBot is a major step up the evolutionary chain for bots. It was
written in C++. More important to the evolution of botnet technology, the
author released the source code, published a Web page, and provided e-mail
and ICQ contact information. This made it accessible to many hackers. It was
also easy to modify and maintain. As a result, many subsequent bot clients
include code or concepts from SDBot. SDBot produced a small single binary
file that contained only 40KB of code.
A major characteristic of the SDBot family is the inclusion and use of
remote control backdoors.
SDBot family worms spread by a variety of methods, including:

• NetBios (port 139)
• NTPass (port 445)
• DCom (ports 135, 1025)
• DCom2 (port 135)
• MS RPC service and Windows Messenger port (TCP 1025)
• ASN.1 vulnerability, affects Kerberos (UDP 88), LSASS.exe, and Crypt32.dll (TCP ports 135, 139, 445), and IIS Server using SSL
• UPNP (port 5000)
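
The port list above can drive a simple fan-out check over network flow records: a host that contacts many distinct machines on these ports within a short time is behaving like a spreading worm rather than a normal client. The following is an added example, not code from the book; the record format, the `find_spreaders` name, the thresholds and the sample flows are all assumptions made for illustration, and TCP is assumed wherever the list gives no protocol.

```python
from collections import defaultdict

# Ports from the list above, labelled with the first vector the page names for
# each. Assumption: TCP wherever the page gives no protocol.
SDBOT_PORTS = {
    ("tcp", 139): "NetBios", ("tcp", 445): "NTPass",
    ("tcp", 135): "DCom", ("tcp", 1025): "DCom",
    ("udp", 88): "ASN.1 (Kerberos)", ("tcp", 5000): "UPNP",
}

def find_spreaders(lines, window=60, min_targets=5):
    """Return {src: sorted vector labels} for every source that contacts at
    least min_targets distinct hosts on the listed ports within window seconds."""
    hits = defaultdict(list)  # src -> [(timestamp, dst, label)]
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, dst, proto, dport = parts
        try:
            ts, key = float(ts), (proto.lower(), int(dport))
        except ValueError:
            continue
        if key in SDBOT_PORTS:
            hits[src].append((ts, dst, SDBOT_PORTS[key]))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({dst for _, dst, _ in events[start:end + 1]}) >= min_targets:
                flagged[src] = sorted({label for _, _, label in events})
                break
    return flagged

# Constructed flow records: "epoch_seconds src dst proto dport".
SAMPLE_FLOWS = (
    [f"{1000 + i} 192.0.2.23 198.51.100.{i + 1} tcp 445" for i in range(4)]
    + ["1004 192.0.2.23 198.51.100.9 tcp 135", "1005 192.0.2.23 198.51.100.10 udp 88"]
    # Same five-target fan-out, but spread over an hour.
    + [f"{1000 + 900 * i} 192.0.2.40 198.51.100.{i + 1} tcp 139" for i in range(5)]
    # Busy client on a port that is not in the list.
    + [f"{1000 + i} 192.0.2.50 198.51.100.{i + 1} tcp 443" for i in range(8)]
    # Repeated sessions to a single file server.
    + ["1001 192.0.2.5 192.0.2.9 tcp 445", "1002 192.0.2.5 192.0.2.9 tcp 445"]
)

if __name__ == "__main__":
    for src, vectors in find_spreaders(SAMPLE_FLOWS).items():
        print(src, "fan-out on", ", ".join(vectors))
```

Counting distinct destinations rather than connections keeps a client that talks repeatedly to one file server on port 445 from being flagged.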
