427 Botnet fm qxd

that has added to the longevity of the SDBot family is that the original devel-
oper essentially made it into an open-source malware program.The original
SDBot author released the source code for the bot and included his contact
information, providing a means of public collaboration and evolution to con-
tinue developing and improving the code.
The other key to the success of SDBot is poor security on the compro-
mised systems. SDBot relies on spreading itself primarily via network shares
using blank or common passwords. Systems with solid security and more
complex passwords will not be compromised by SDBot.
With so many variants, a comprehensive description of each would
require a book of its own.The following are the general details of how
SDBot works and propagates and how you can recognize common signs that
could indicate that your computer has been compromised by SDBot.
Aliases
Antivirus and security vendors rarely agree on naming conventions, so the
same threat can have multiple names, depending on which vendor is sup-
plying the information. Here are some aliases for SDBot from the top
antivirus vendors:
■
McAfee: IRC-SDBot
■
Symantec: Backdoor.Sdbot
■
Trend Micro: BKDR_SDBOT
■
Sophos:Troj/Sdbot
■
Kaspersky: Backdoor.IRC.Sdbot
■
CA: Win32.SDBot
Infection
The method of infection varies from one variant to the next, but SDBot tra-
ditionally takes advantage of insecure network shares or uses known vulnera-
bility exploits to compromise systems. Once SDBot is able to connect to a
vulnerable system, it will execute a script that will download and execute
SDBot to infect the system.

Download 6,98 Mb.

Do'stlaringiz bilan baham: