Virus writers add network sniffer to worm

By John Leyden
Published Tuesday 14th September 2004 11:18 GMT

Virus writers have grafted a network sniffer into the latest variant of the SDBot worm series.

So far there are no reports of SDBot-UH in the wild but the inclusion of selective network sniffing along with keystroke logging features and other backdoor capabilities has security researchers worried.

Sniffers are designed to monitor network traffic. They are widely used for network performance diagnostics but in this instance their function has been turned to malign purposes. Bundling a network sniffer with an auto-propagating worm makes it easier for hackers to harvest usernames and passwords than would otherwise be the case.

The sniffing capabilities of SDBot-UH worm focus on phrases associated with network logins and Paypal accounts. It also tries to steal the CD keys of games, according to an advisory by AV firm Trend Micro. Patrick Nolan, a security researcher at the Internet Storm Center, warns: "If the Trojans described by Trend can successfully transmit the filter's packet captures back to the owner, they are going to cause problems well beyond typical bot infestation issues."

SDBot-UH uses a variety of well-known Microsoft exploits to spread. It also looks for weak usernames and passwords to gain access to target machines. Malicious sniffers can be difficult to detect but Netcraft points to a number of tools such as Sentinel and AntiSniff that can be used to detect sniffers on a network. Individual users would do well to check that their network card is not set in promiscuous (sniffing) mode. ®


Original article, including additional info/links, can be found at;


http://www.theregister.co.uk/2004/09/14/network_sniffer_worm/

THE MUL

 

Well its a good thing this Virus is known of so people can prepare to protect themselves

 

man that sound nasty but if i had made it i would had called it hell hound

it reminds me of a demonic dog on a rampage rolleing threw cyber space looking for a victem