Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

It's Phat To Use P-2-P To Hack


  • Please log in to reply
2 replies to this topic

#1 Guest_MrSnausage_*

Guest_MrSnausage_*

  • Guests
  • OFFLINE
  •  

Posted 18 March 2004 - 12:22 AM



There is a new trojan spreading through the wild called Phatbot. This Bot spreads itself by scanning large blocks of Internet addresses and infects computers that has a vulnerability it knows how to exploit. How it infects computers is not that original, but how the bots are controlled by their master is. The creator of this particular Bot controls these bots through a P2P network called WASTE.


Phatbot is a direct decendant of a Bot called Agobot. Agobot had many similarities with Phatbot, but was mostly controlled through an IRC channel in which it would connect to when the computer started. The creator of Phatbot decided to use a little known P2P network called Waste which was created by a division of AOL called Nullsoft.

The Bots connect to a Gnutella Server where they are then able to see other Phatbot's that are connected to the network. This way they can connect to each other and create a Peer-2-Peer network in which they can communicate with each other. The creator can then issue commands to the Bot in order to make it do certain tasks.

THe main danger of this Bot is the amount of commands it has and the types of vulnerabilities it can exploit. From what has been diagnosed this Bot can scan for most of the known Windows exploits, steal passwords, cd keys, paypal cookies, sniff traffic, send spam from your computer, and much more. You will probably hear more about this Bot in the days to come, and be sure to update your virus protections every day as a new update will most likely be coming out soon.




BC AdBot (Login to Remove)

 


#2 dudeman

dudeman

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Location:TX

Posted 21 April 2004 - 03:57 PM

That's great that you know it's out there but what port does it use, how often... whatever??!! Does anyone know how to detect it? I haven't seen anything in my logs or my firewalls haven't detected anything. SAV didn't find anything either. So I either might not have it or it is bypassing all my security, :thumbsup: which i wouldn't be suprised.

Dudeman

#3 Guest_MrSnausage_*

Guest_MrSnausage_*

  • Guests
  • OFFLINE
  •  

Posted 21 April 2004 - 04:08 PM

Only analysis about this particular trojan I have been able to find is at these links:

http://www.lurhq.com/phatbot.html

http://news.com.com/2100-7349_3-5194719.html




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users