It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

SCI/TECH: Dept. of Homeland Security Alert: 'Phatbot' Trojan Horse

page: 1
0

log in

join
share:

posted on Mar, 18 2004 @ 04:11 PM
link   
New Hacker Program Prompts Alert - Security Experts Scramble to Get Control of 'Phatbot'

Threat Overstated?
 


I am not sure why this DHS report took so long to surface into the mainstream, but my colleagues and I have been aware of this Trojan for some time now. Our intrusion detection and monitoring systems have confirmed that this malicious software is indeed ?in the wild? and spreading. The existence of the Trojan and its earlier versions is old news and the rate at which it seems to be spreading is modest. The first indication of the problem was in early March increased scanning activity on TCP ports 4387 and 65506 which were immediately blocked at the perimeter of the network.

 


Washington Post on "Phatbot" (registration required to read)

Computer security experts in both the private sector and U.S. government are monitoring the emergence of a new, sophisticated hacker program that connects infected computers to far-flung peer-to-peer file-sharing networks.
By some estimates, hundreds of thousands of computers running Microsoft's Windows operating system have already been infected worldwide. The program, software code that security researchers have dubbed "Phatbot," allows its authors to gain control over computers and link them into file-sharing networks that can be used to send large amounts of spam e-mail messages or to flood Web sites with data in an attempt to knock them offline.
The new hacker threat caught the attention of cybersecurity officials at the U.S. Department of Homeland Security, prompting the agency to send an alert last week to a select group of computer security experts. In the alert, the agency warned that Phatbot snoops for passwords on infected computers and tries to disable firewall and antivirus software.

Statement from @Risk:
?Phatbot Trojan Spreading To More Systems Than Code Red - A veritable Swiss Army Knife of attack tools is disabling antivirus tools, stealing passwords, connecting systems to peer-to-peer networks and setting the victim systems up to send spam and DDoS traffic. Hundreds of thousands of systems (numbers greater than the Code Red infestation) are infected. DHS put out a private alert to selected security experts.?

This is a story definitely worth following considering the chaos created when the original ?Code Red? hit, but I tend to agree with the opinion stated by InfoWorld:
?"I think there are a lot of people getting very excited about something that's not very important," said Graham Cluley, senior technology consultant at Sophos PLC.?
The most telling comment was this, "The DHS did not respond to a request for comment on Phatbot."

InfoWorld on Phatbot threat -

More information on "Phatbot" -
www.lurhq.com...
www.f-secure.com...



[Edited on 19-3-2004 by Zion Mainframe]




posted on Mar, 18 2004 @ 04:43 PM
link   
I had a trojan horse once. I had to take my computer with the software to rewrite everything and lost all my files. Formatting my hard drive with the program that came with the computer wasnt enough to destroy it.



new topics
 
0

log in

join