Password Sniffing Worms

SDBot is known as the first computer worm with the ability to eavesdrop on network traffic following infection. Its primary intent is to scan active traffic on interconnected network computers in search of passwords and financial data. SDBot is able to propagate by exploiting a number of vulnerabilities in the Windows operating system. From there, it attempts to compromise other machines on the network using a dictionary attack of obvious passwords such as "1234" or "administrator1."

How SDBot Works

When installed, SDBot executes a specially designed network sniffing program, the feature that allows it to steal critical data. It then makes a connection to an IRC (Internet Relay Chat) network. This gives the malicious writer the opportunity to seize complete control of the infected computer or harvest data from it. Because it mainly depends on older software bugs, SDBot can be easily contained. The best remedies are system patches, software updates and strong password schemes.

While SDBot doesn't inflict much physical damage, observers are concerned about its network snooping capability. Experts fear that if it can successfully capture packets from a filter and transmit them back to the creator, SDBot will cause problems that go far beyond conventional infection. The practice of network sniffing involves monitoring packets as they move through a network. This technique is often used on compromised networks by hackers in search of usernames and passwords.

SDBot operates by automatically filtering network traffic for patterns of data that typically precede the transmission of a username and password. If such a pattern is identified, the worm instantly records the data. SDBot has also been known to search for packets that include "PayPal," a popular service used to transfer money on the web.

Many security experts have stated that password sniffing is difficult to detect because of its passive nature. Most computer worms typically use infected computers to plague a web server or to distribute mass spam mailings, both of which are easy for an administrator to detect due to the additional traffic. Experts also warn that several more highly contagious worms may come equipped with similar sniffing capabilities. Once a malicious writer introduces a concept, others tend to follow up with ways to improve on it.
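
Sniffing itself is passive, but the IRC connection described above is not. The following Python code is an added example, not part of the original article: it flags internal hosts whose first bytes on an outbound TCP session are an IRC registration (NICK plus USER), on any port. The session record format, the 10.0.0.0/8 internal range and the allowlist are assumptions, and the sample sessions are constructed.

```python
import ipaddress
import re

# IRC registration (RFC 1459/2812): the client sends NICK and USER,
# optionally preceded by PASS, before any other command.
NICK_RE = re.compile(rb"^NICK\s+\S+$", re.I)
USER_RE = re.compile(rb"^USER\s+\S+\s+\S+\s+\S+\s+:?.+$", re.I)
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

def is_irc_registration(payload: bytes) -> bool:
    """True if the first client bytes of a session look like IRC registration."""
    lines = [l.strip() for l in payload[:512].splitlines() if l.strip()][:4]
    return (any(NICK_RE.match(l) for l in lines)
            and any(USER_RE.match(l) for l in lines))

def find_irc_clients(sessions, allowed=frozenset()):
    """Return sorted (src, dst, dport) for internal hosts registering with an
    IRC server. The port is ignored: an IRC server can listen on any port."""
    hits = set()
    for s in sessions:
        src = ipaddress.ip_address(s["src"])
        if src not in INTERNAL_NET or s["src"] in allowed:
            continue
        if is_irc_registration(s["payload"]):
            hits.add((s["src"], s["dst"], s["dport"]))
    return sorted(hits)

# Constructed sample: first client payload of each outbound TCP session.
SAMPLE_SESSIONS = [
    {"src": "10.0.0.21", "dst": "203.0.113.7", "dport": 6667,
     "payload": b"NICK xk3921\r\nUSER xk3921 0 * :xk3921\r\n"},
    {"src": "10.0.0.34", "dst": "203.0.113.7", "dport": 8080,  # non-standard port
     "payload": b"PASS x\r\nNICK a\r\nUSER a b c :d\r\n"},
    {"src": "10.0.0.40", "dst": "198.51.100.9", "dport": 80,   # HTTP, not IRC
     "payload": b"GET /nick HTTP/1.1\r\nUser-Agent: x\r\nHost: example.test\r\n\r\n"},
    {"src": "10.0.0.50", "dst": "198.51.100.20", "dport": 6667,  # approved IRC user
     "payload": b"NICK alice\r\nUSER alice 0 * :Alice\r\n"},
    {"src": "10.0.0.60", "dst": "198.51.100.30", "dport": 21,  # FTP USER, no NICK
     "payload": b"USER anonymous\r\nPASS guest@example.test\r\n"},
]

if __name__ == "__main__":
    for src, dst, dport in find_irc_clients(SAMPLE_SESSIONS, allowed={"10.0.0.50"}):
        print(f"IRC registration from {src} to {dst}:{dport}")
```

Hosts that have no business reason to use IRC and still appear in the output are candidates for isolation and a closer look.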

Protecting your Passwords

Most worms use the email system to propagate. Anyone using Outlook or Outlook Express should install the latest patches from the Microsoft website. You can also protect yourself by keeping your programs and the operating system itself up to date. Here are a few more tips:

- Avoid email attachments whenever possible, whether you're sending or receiving a message. If you open it, you can be infected; if you're infected, you can send it to someone else.

- Never open email attachments with compound file extensions: NAME.BMP.EXE, NAME.TXT.VBS

- Be cautious of file sharing networks and with whom you share files.

- Never accept attachments from strange sources in chat systems like ICQ, IRC or Yahoo and AOL Instant Messenger.

- Remain cautious when downloading files from public newsgroups, as they are commonly used to distribute malware.

With caution and awareness, you can keep your passwords safe from malicious sniffing worms.

Identity theft comes in many forms.

A person's identity can be 'borrowed' for the purpose of creating fictional credit cards or a person's entire identity can be usurped to the point where they can have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent your identity from being stolen:

- Never give out unnecessary personal information

- Never provide bank details or social security numbers over the Internet

- Always remain aware of who is standing behind you when you type in your personal credit codes at ATM machines and at supermarket checkout swipe machines.