Phatbot primed to steal your credit card details

Found on The Register on Saturday, 20 March 2004

Phatbot is a variant of a Agobot, a big family of IRC bots. It can steal personal information such as email addresses, credit card numbers, PayPay details and software licensing codes. It forwards this information using a peer-to-peer (P2P) network, rather than IRC channels exploited by its predecessors. Earlier versions of the bug go by monikers such as Phat, Backdoor.Agobot.fo and Gaobot, according to F-Secure.

Phatbot inserts backdoors which can be used to perform distributed denial of service (DDoS) attacks aimed at shutting down Web sites including those of German Internet hosting company Schlund, US telecoms firm XO and Stanford University. The bug also terminates processes belonging to competing malware such as MSBlast.

"Phatbot is causing quite a bit of stir over here," said Conor Flynn, technical director of US e-security company Rits. "The US Department of Homeland Security sent a number of companies an emergency release about the worm which was then leaked anonymously to The Washington Post," he told ElectricNews.Net. The potential impact of Phatbot on users is much bigger than with previous worms and viruses ,vecause it can harvest passwords, product registration codes and credit card numbers and then send this information back to the authors, he said.

I read about that one a few days ago; the list of remote commands it supports makes it a powerful tool. Especially when a few hundred/thousand are building a botnet. Somebody has done an impressive coding job here.

Browse all articles« Previous « » Next »