New Phatbot worm may be on the loose

Published on Apr 20, 2004 05:10 PM IST

A new variant of the Phatbot worm may be on the loose and attempting to attack SQL Server ports, according to a warning the SANS Institute issued Monday.

HT Image
HT Image
PTI | ByDawn Kawamoto

A new variant of the Phatbot worm may be on the loose and attempting to attack SQL Server ports, according to a warning the SANS Institute issued Monday.

Last month, Phatbot made the rounds, attacking Windows systems by acting as a Trojan horse. Phatbot would then link infected computers into an underground network for sending spam or launching other attacks. SANS is currently in the process of attempting to capture a full packet of data--or an executable file--for further analysis of Phatbot.

The worm probes Transmission Control Protocol ports 2745, 1025, 3127, 6129, 5000, 80 and 1433, as well as Microsoft's NetBIOS, according to the SANS report.

"There has also been conjecture that the port 1981 increase is potentially also connected to another variant of Phatbot," SANS noted in its handler's diary.

Phatbot relies on "peer to peer" technology, which makes it more difficult to eliminate, because there is no central command center for its network.

"The Phatbot has been morphing and changing daily," said Marcus Sachs, director of SANS Internet Storm Center. "We're conjecturing that this is another version of Phatbot."

Microsoft, meanwhile, said it has not received any new reports of the Phatbot worm, a company representative said.

Get Latest India Newsalong with Latest Newsand Top Headlinesfrom India and around the world.
SHARE THIS ARTICLE ON
SHARE
Story Saved
×
Saved Articles
Following
My Reads
My Offers
Sign out
New Delhi 0C
Monday, October 03, 2022
Start 15 Days Free Trial Subscribe Now
Register Free and get Exciting Deals