427 Botnet fm qxd

Like SDBot and Agobot, Spybot is easily customizable, a fact that complicates
attempts to detect and identify this bot. According to some, this bot client is
poorly written. It is similar in function to Agobot and is related to SDBot,
Rbot, URBot, and URXBot. Different variants of Spybot have the following
capabilities:
■
Port scanning for open ports
■
Launching DDoS attacks like UDP and SYN flooding
■
Checking to prune or manage older systems (Win 9x) and systems
that connect via modem
■
Using social engineering to entice P2P users to download the infec-
tion module of Spybot
■
Attempting to deceive users by posting a fake error message after the
user runs the infection module
■
Logging of all keystrokes or only of keystrokes entered in Internet
Explorer
■
Logging of everything copied to the Windows clipboard
■
Grabbing cached passwords on Win 9x systems
■
Some newer variants of Spybot capture screenshots around the part
of the screen where a mouse click has occurred.This capability per-
mits the botherder to defeat new security measures taken by some
banks.These banks have users click on a graphical keypad to enter
their PIN or password.
■
Although rare, some variants of Spybot are capable of sending spam
messagesover instant messaging systems.These messages are reffered
to as spim.
■
Sniffing the network, sometimes for user IDs and passwords, some-
times for the presence of other IRC channels to exploit.
■
Killing the processes of antivirus and other security products
■
Newer variants have begun including a rootkit, usually a hacked or
modified version of the FU rootkit.
■
Control of webcams, including streaming video capture

Download 6,98 Mb.

Do'stlaringiz bilan baham: