Latest Phatbot angles for SQL server
Published: 20 Apr 2004 09:25 BST
A new variant of the Phatbot worm may be on the loose and attempting to attack SQL Server ports, according to a warning that the SANS Institute issued on Monday.
Last month, Phatbot made the rounds, attacking Windows systems by acting as a Trojan horse. Phatbot would then link infected computers into an underground network for sending spam or launching other attacks. SANS is currently in the process of attempting to capture a full packet of data -- or an executable file -- for further analysis of Phatbot.
The worm probes Transmission Control Protocol ports 2745, 1025, 3127, 6129, 5000, 80 and 1433, as well as Microsoft's NetBIOS, according to the SANS report.
"There has also been conjecture that the port 1981 increase is potentially also connected to another variant of Phatbot," SANS noted in its handler's diary.
Phatbot relies on "peer to peer" technology, which makes it more difficult to eliminate, because there is no central command centre for its network.
"The Phatbot has been morphing and changing daily," said Marcus Sachs, director of SANS Internet Storm Centre. "We're conjecturing that this is another version of Phatbot."
Microsoft, meanwhile, said it has not received any new reports of the Phatbot worm, a company representative said.
Did you find this article useful?
72 out of 125 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
