Adware Installs Via IM

  • Thread starter: Anonymous Bob

Anonymous Bob

WOW!

http://www.facetime.com/impactcenter/threatdetail.aspx?id=990
Variant of W32/Sdbot-AAH

In its original state, W32/Sdbot-AAH mainly spreads in IRC and
installs poker3.exe onto the PC. This then opens up a backdoor, and
allows numerous security holes to be exploited, including password
stealing and the ability to remotely upload code onto the
compromised PC.

If that seems pretty tame, read this thread:
http://www.broadbandreports.com/forum/remark,14044216

If I still don't have your attention, here's the download log:
http://www.spywareguide.com/greynets/urlview.txt

Does MSAS guard against IRC exploits?

Bob Vanderveen
 
I don't think there are agents working specifically with IRC. For that to
happen, it'd probably have to be a Microsoft IRC client--is there such a
critter?

However, the agents that look at the hooks such critters would use to
autostart and to integrate into Windows should catch such things. As should
an active antivirus--this is as much an antivirus issue as an antispyware
one, I think.

It'd be interesting to do some testing on this--I've strenuously avoided
doing anything with IRC and know very little about it--but I'd bet that the
Microsoft folks working on their antivirus and antispyware initiatives are
well aware of these issues.
 