SDBot IRC botnet continues to make waves
SDBot IRC botnet continues to make waves | |
---|---|
Botnet | SDBot |
Date | 2009 / 2009-12 |
Editor/Conference | Trend Micro |
Link | http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_sdbot_irc_botnet_continues_to_make_waves_pub.pdf (Archive copy) |
Author | Loucif Kharouni |
Type | White paper |
Abstract
“SDBOT malware variants usually propagate through network shares and exploited unpatched vulnerabilities. They also exhibit a number of backdoor capabilities and some information theft routines. Some variants even have the capability to bypass security measures and to overwrite system files in order to maximize their network connection capacity.
SDBOT malware have been around as early as 2004. Most of the bots that use Internet Relay Chat (IRC) protocol communication such as AGOBOT, IRCBOT, RBOT, and others have been around as early as 2001. However, these kinds of malware rarely attract attention due to their ability to silently operate. These bot malware are neither heavy email spammers nor resource hogs. They hardly ever disrupt normal computer activities—say, Internet browsing—so their victims never notice that their computers have been infected.
In this paper, the researcher focused on SDBOT variants and their final payload—the installation of pay-per-install programs. The contents of this paper are targeted at security analysts and specialists. It includes an in-depth technical analysis of the SDBOT threat and takes a look behind the scenes at the business model used by the cybercriminal gang to rent out SDBOT’s reach and download capability.”
Bibtex
@misc{2009BFR2120, editor = {Trend Micro}, author = {Loucif Kharouni}, title = {SDBot IRC botnet continues to make waves}, date = {01}, month = Dec, year = {2009}, howpublished = {\url{http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_sdbot_irc_botnet_continues_to_make_waves_pub.pdf}}, }