-
September 18th, 2004, 05:46 PM
#1
SDBot-UH Worm with a Network Sniffing Kicker
The struggle against the virus writers also continues to be a battle of innovation. While we are attempting to keep our signatures updated and create better prevention and detection techniques, the other side is being just as persistent. One of their latest pieces of work is a variant of the SDBot worm series called SDBot-UH.
This jewel has a network sniffer, improved backdoor access, and a doggone keystroke logger. It appears that once infected, the deviant will be able to reap user names and pwds like never before. And of course it possesses all the other traits of a worm.
Additional info: here
The good news
So far there are no reports of SDBot-UH in the wild.
cheers
Connection refused, try again later.
-
September 18th, 2004, 07:27 PM
#2
I believe I've heard it's based on old Windows exploits, thus rendering it not quite as potentially harmful as it could've been... all the same... definitely worrying though... just a small point... I thought the purpose of spreading viruses was to wreak havoc over networks... slow them down... render them useless... now... if one person was spreading this... what'd he want with so much info (agreed, there might be credit card numbers etc.) but wouldn't it also lead back to him somehow in some way?
-
September 18th, 2004, 08:27 PM
#3
This particular critter’s origins are believed to be Russian and a few of its aliases were: Backdoor.SdBot.gen (AVP), Backdoor/IRC.SdBot (RAV), Mindjail. The first appearance was as IRC-Sdbot. It was considered a Trojan and over time obviously it has been tweaked and now is an auto-propagating worm. It still retains the backdoor access capabilities and additionally it does use well-known Windows exploits to infect.
cheers
Connection refused, try again later.
-
September 19th, 2004, 03:47 AM
#4
heh. yeah sdbot has been around for ages.. gawd, there are SO many variations of it.
I cleaned a box the other day with some 20+ instances of the S version.. and a few of a version (GH?) that didn't even show up (but were detected) on lists at some av vendors.