NGRBot spreads via chat

From Botnets.fr
Revision as of 21:04, 5 August 2015 by Eric.freyssinet (talk | contribs) (Text replacement - " blogs.mcafee.com" to "")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

(Publication) Google search: [1]

NGRBot spreads via chat
Botnet Dorkbot
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / September 20, 2012
Editor/Conference McAfee
Link http://blogs.mcafee.com/mcafee-labs/ngrbot-spreads-via-chat (Archive copy)
Author Niranjan Jayanand
Type

Abstract

NGRBot is a worm that propagates through chat messengers, the Internet Relay Chat channel, social networking sites etc. It steals FTP and browser passwords and can cause a denial of service by flooding.

NGRBots use the IRC network for file transfer, sending and receiving commands between zombie network machines and the attacker’s IRC server, and monitoring and controlling network connectivity and intercept. It employs a user-mode rootkit technique to hide and steal its victim’s information. This family of bot is also designed to infect HTML pages with iframes, causing redirections, blocking victims from getting updates from security/antimalware products, and killing those services. The bot is designed to connect via a predefined IRC channel and communicate with a remote botnet.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1166,
   editor = {McAfee},
   author = {Niranjan Jayanand},
   title = {NGRBot spreads via chat},
   date = {20},
   month = Sep,
   year = {2012},
   howpublished = {\url{http://blogs.mcafee.com/mcafee-labs/ngrbot-spreads-via-chat}},
 }

Retrieved from "https://www.botnets.fr/index.php?title=NGRBot_spreads_via_chat&oldid=5783"