Password Sniffing Worms

SDBot is known as the first computer worm with the ability to eavesdrop on network traffic following infection. Its primary intent is to scan active traffic on interconnected network computers in search of passwords and financial data. SDBot is able to propagate by exploiting a number of vulnerabilities in the Windows operating system. From there, it attempts to compromise other machines on the network using a dictionary attack with obvious passwords such as "1234" or "administrator1."

How SDBot Works

When installed, SDBot executes a specially designed network sniffing program, the feature that allows it to steal critical data. It then makes a connection to an IRC (Internet Relay Chat) network. This gives the malware author the opportunity to seize complete control of the infected computer or harvest data from it. Because it mainly depends on older software bugs, SDBot can be easily contained. The best remedies are system patches, software updates and strong password schemes.

While SDBot doesn't inflict much physical damage, observers are concerned about its network snooping capability. Experts fear that if it can successfully capture packets from a filter and transmit them back to the creator, SDBot will cause problems that go far beyond conventional infection. The practice of network sniffing involves monitoring packets as they move through a network. This technique is often used on compromised networks by hackers in search of usernames and passwords.

SDBot operates by automatically filtering network traffic for patterns of data that typically come before the transmission of a username and password. If such a pattern is identified, the worm instantly records the data. SDBot has also been known to search for packets that include "PayPal," a popular service used to transfer money on the web.

Many security experts have stated that password sniffing is difficult to detect because of its passive nature. Most computer worms typically use infected computers to plague a web server or to distribute mass spam mailings, both of which are easy for an administrator to detect due to the additional traffic. Experts also warn that several more highly contagious worms may come equipped with similar sniffing capabilities. Once a malware author introduces a concept, others tend to follow up with ways to improve on it.
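The sniffing is passive, but the IRC connection the worm makes after infection is visible on the wire. As an added example (not from the original article, and not a set of SDBot-specific signatures), this Python code flags outbound connections whose first client bytes are an IRC registration handshake on any port; the Flow record, the sample traffic and the approved-server list are assumptions.

```python
import re
from collections import namedtuple

# Constructed flow record: first bytes a client sent on an outbound TCP connection.
Flow = namedtuple("Flow", "src dst dport payload")

# IRC registration (RFC 1459/2812): NICK <name>, then USER with four parameters.
NICK_RE = re.compile(rb"^NICK\s+:?(\S+)$", re.I)
USER_RE = re.compile(rb"^USER\s+\S+\s+\S+\s+\S+\s+\S", re.I)
JOIN_RE = re.compile(rb"^JOIN\s+:?([#&]\S+)", re.I)

def irc_registration(payload):
    """Return (nick, channels) if payload holds an IRC client handshake, else None."""
    nick, saw_user, channels = None, False, []
    for line in payload.splitlines():
        line = line.strip()
        if m := NICK_RE.match(line):
            nick = m.group(1).decode("ascii", "replace")
        elif USER_RE.match(line):
            saw_user = True
        elif m := JOIN_RE.match(line):
            channels.append(m.group(1).decode("ascii", "replace"))
    # Require both commands: FTP and POP3 also send USER, but with one argument.
    return (nick, channels) if nick and saw_user else None

def flag_irc_clients(flows, approved_servers=frozenset()):
    """List internal hosts that spoke IRC to a server not on the approved list."""
    findings = []
    for f in flows:
        if f.dst in approved_servers:
            continue
        hit = irc_registration(f.payload)
        if hit:
            findings.append((f.src, f.dst, f.dport, hit[0], hit[1]))
    return findings

# Constructed sample traffic (documentation address ranges, made-up nicknames).
SAMPLE_FLOWS = [
    Flow("10.0.0.21", "198.51.100.7", 6667,
         b"NICK wks21\r\nUSER wks21 0 * :wks21\r\nJOIN #example\r\n"),
    Flow("10.0.0.34", "203.0.113.9", 8080,  # IRC on a non-IRC port
         b"PASS x\r\nNICK wks34\r\nUSER a b c :d\r\n"),
    Flow("10.0.0.50", "192.0.2.10", 21, b"USER anonymous\r\nPASS guest\r\n"),
    Flow("10.0.0.51", "192.0.2.80", 80, b"GET /user/nick HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in flag_irc_clients(SAMPLE_FLOWS):
        print(finding)
```

Matching on the handshake rather than the port catches IRC on non-standard ports, and requiring both NICK and USER keeps FTP logins and HTTP paths from raising false alarms.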

Protecting your Passwords

Most worms use the email system to propagate. Anyone using Outlook or Outlook Express should install the latest patches from the Microsoft website. You can also protect yourself by keeping your programs and the operating system itself up to date. Here are a few more tips:

- Avoid email attachments whenever possible, whether you're sending or receiving a message. If you open it, you can be infected; if you're infected, you can send it to someone else.

- Never open email attachments with compound file extensions: NAME.BMP.EXE, NAME.TXT.VBS

- Be cautious of file sharing networks and with whom you share files.

- Never accept attachments from strange sources in chat systems like ICQ, IRC or Yahoo and AOL Instant Messenger.

- Remain cautious when downloading files from public newsgroups, as they are commonly used to distribute malware.

With caution and awareness, you can keep your passwords safe from malicious sniffing worms.


With the advent of wireless Internet, more and more computer users are entering the world of cyber space.

Yet, while these users are well aware of the importance of the protection of their computer when hooked up to regular internet providers, they are often oblivious to the fact that the same cyber dangers, and in fact even more, exist in the world of WiFi.

What you may not know is that the same Internet connection that makes it possible to check your email from the comfort of your bed also makes it easier for hackers to access your personal information.

It is for this reason, the sharing of the wireless Internet connection, that protecting your computer on a wireless connection is more important than ever before.