A good example is Telnet or Microsoft's Server Message Block The ability to spread to systems by brute forcing a login.
Attempts to hijack common Trojan horses that accept incoming connections via an open port.MS05-039 Plug and Play Remote Buffer Overflow.MS03-026 RPC DCOM Remote Buffer Overflow.The following propagation methods are sub-modules to the port scanning engine: The Agobot may contain other features such as: Port scanner used to find and infect other hosts.Remotely update and remove the installed bot.Password Protected IRC Client control interface.Most Agobots have the following features: This mix-matching of modules to suit the owner's needs has inspired many of the worm's variants. An infectious Agobot can vary in size from ~12kbyte to ~500kbyte depending on features, compiler optimizations and binary modifications.Ī module written for one member in the Agobot family can usually be ported with ease to another bot. In fact the majority of modern Agobot strains must be built with Visual Studio due to its reliance on Visual Studio's SDK and Processor Pack. The majority of the development force behind Agobot is targeting the Microsoft Windows platform as a result the vast majority of the variants are not Linux compatible. Agobot now has several thousand variants. Other bots in the Agobot family are Phatbot and Forbot. New versions, or variants, of the worm appeared so rapidly that the Agobot family quickly grew larger than other bot families.
0 kommentar(er)
