posted on Mar, 18 2004 @ 04:11 PM
New Hacker Program Prompts Alert -
Security Experts Scramble to Get Control of 'Phatbot'
Threat Overstated?
I am not sure why this DHS report took so long to surface into the mainstream, but my colleagues and I have been aware of this Trojan for some time
now. Our intrusion detection and monitoring systems have confirmed that this malicious software is indeed "in the wild" and spreading. The existence
of the Trojan and its earlier versions is old news and the rate at which it seems to be spreading is modest. The first indication of the problem was
in early March: increased scanning activity on TCP ports 4387 and 65506, which were immediately blocked at the perimeter of the network.
Washington Post on "Phatbot" (registration required to read)
Computer security experts in both the private sector and U.S. government are monitoring the emergence of a new, sophisticated hacker program that
connects infected computers to far-flung peer-to-peer file-sharing networks.
By some estimates, hundreds of thousands of computers running Microsoft's Windows operating system have already been infected worldwide. The
program, software code that security researchers have dubbed "Phatbot," allows its authors to gain control over computers and link them into
file-sharing networks that can be used to send large amounts of spam e-mail messages or to flood Web sites with data in an attempt to knock them
offline.
The new hacker threat caught the attention of cybersecurity officials at the U.S. Department of Homeland Security, prompting the agency to send an
alert last week to a select group of computer security experts. In the alert, the agency warned that Phatbot snoops for passwords on infected
computers and tries to disable firewall and antivirus software.
Statement from @Risk:
"Phatbot Trojan Spreading To More Systems Than Code Red - A veritable Swiss Army Knife of attack tools is disabling antivirus tools, stealing
passwords, connecting systems to peer-to-peer networks and setting the victim systems up to send spam and DDoS traffic. Hundreds of thousands of
systems (numbers greater than the Code Red infestation) are infected. DHS put out a private alert to selected security experts."
This is a story definitely worth following considering the chaos created when the original "Code Red" hit, but I tend to agree with the opinion stated
by InfoWorld:
"I think there are a lot of people getting very excited about something that's not very important," said Graham Cluley, senior technology
consultant at Sophos PLC.
The most telling comment was this, "The DHS did not respond to a request for comment on Phatbot."
InfoWorld on Phatbot threat -
More information on "Phatbot" -
www.lurhq.com...
www.f-secure.com...
[Edited on 19-3-2004 by Zion Mainframe]