Virus writers add network sniffer to worm

Discussion in 'malware problems & news' started by the mul, Sep 15, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Jul 31, 2003
    By John Leyden
    Published Tuesday 14th September 2004 11:18 GMT

    Virus writers have grafted a network sniffer into the latest variant of the SDBot worm series.

    So far there are no reports of SDBot-UH in the wild but the inclusion of selective network sniffing along with keystroke logging features and other backdoor capabilities has security researchers worried.

    Sniffers are designed to monitor network traffic. They are widely used for network performance diagnostics but in this instance their function has been turned to malign purposes. Bundling a network sniffer with an auto-propagating worm makes it easier for hackers to harvest usernames and passwords than would otherwise be the case.

    The sniffing capabilities of SDBot-UH worm focus on phrases associated with network logins and Paypal accounts. It also tries to steal the CD keys of games, according to an advisory by AV firm Trend Micro. Patrick Nolan, a security researcher at the Internet Storm Center, warns: "If the Trojans described by Trend can successfully transmit the filter's packet captures back to the owner, they are going to cause problems well beyond typical bot infestation issues."

    SDBot-UH uses a variety of well-known Microsoft exploits to spread. It also looks for weak usernames and passwords to gain access to target machines. Malicious sniffers can be difficult to detect but Netcraft points to a number of tools such as Sentinel and AntiSniff that can be used to detect sniffers on a network. Individual users would do well to check that their network card is not set in promiscuous (sniffing) mode. ®

    Original article, including additional info/links, can be found at;

  2. smiddy

    smiddy Registered Member

    Sep 12, 2004
    Well its a good thing this Virus is known of so people can prepare to protect themselves
  3. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Feb 3, 2003
    on the sofa
    :cool: man that sound nasty but if i had made it i would had called it hell hound

    it reminds me of a demonic dog on a rampage rolleing threw cyber space looking for a victem
Thread Status:
Not open for further replies.