November 19th, 2005 at 4:54 am
This new article is from:
www dot xatrix dot org/article.php?s=4166
W32/Sdbot-ADD is a worm with a troubling and innovative twist – it installs a rootkit backdoor on any machine it manages to infect.
The attack starts with an AOL IM user being asked to open a link. Clicking on this starts the infection sequence, dropping a number of adware files and the rootkit software itself, lockx.exe.
Once on the PC, the malware attempts to shut down anti-virus software, install software that allows the PC to be remotely controlled by IRC, and open a backdoor for future attack. It also contains an SMTP engine with which to collect email addresses.
According to Chris Boyd of Facetime, the researcher who first discovered the malware, it has strange properties that mark it out. Several of the adware components it installs have been seen before, but what was innovative was the mixture of many different components, the installation of such a potentially dangerous executable, and the fact that it attacks via the generally unprotected channel of instant messaging.