Worms with sniffer capabilities on the move

written by Michael on

From the Websense Security Labs:

We also found a network sniffer used to monitor the network traffic. The worm searched for special keywords in the network flow such as “RCPT TO:” and “MAIL FROM:”, two keywords used in the SMTP protocol. When the malware found one of these keywords in the network traffic, it would parse some useful information such as the email address, username, and password, then send the details to the hardcoded server: in this case, hxxp://91.[removed].57/cgi-bin/forms.cgi

The sniffer capabilities of the malware are interesting; that isn’t something you see every day (at least not yet). Hopefully it doesn’t catch on, but I guess it will. Now even the malware will start attacking your network (and not just the network nodes) in a serious way, and I guess that more intelligent sniffing is on its way.
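
A defender-side check for the exposure described in the Websense quote, as an added example that is not from the original post or from Websense: it reads the client commands of one SMTP session and reports whether an AUTH exchange or the envelope addresses crossed the network before STARTTLS. The function names and sample sessions are constructed, and it assumes any STARTTLS command was accepted by the server.

```python
import re

# The two keywords named in the quote; SMTP verbs are case-insensitive.
ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)

def cleartext_exposure(client_lines):
    """Report what a passive sniffer could read from one SMTP session.

    client_lines: client-to-server command lines, in order, from a
    reassembled capture or a client debug log.
    Assumption: a STARTTLS command was accepted by the server.
    """
    exposed = {"auth": False, "senders": [], "recipients": []}
    for raw in client_lines:
        line = raw.strip()
        verb = line.upper()
        if verb == "STARTTLS":
            break  # everything after this point travels inside TLS
        if verb.startswith("AUTH "):
            exposed["auth"] = True  # base64 credentials follow; not encrypted
        m = ENVELOPE.match(line)
        if m:
            key = "senders" if m.group(1).upper() == "MAIL FROM" else "recipients"
            exposed[key].append(m.group(2))
    return exposed

def is_exposed(report):
    """True if any credential exchange or envelope address was in cleartext."""
    return report["auth"] or bool(report["senders"] or report["recipients"])

# Constructed sample sessions (not real traffic).
PLAINTEXT_SESSION = [
    "EHLO client.example",
    "AUTH LOGIN",
    "dXNlcg==",
    "cGFzcw==",
    "mail from: <alice@example.com>",
    "RCPT TO:<bob@example.org>",
]
STARTTLS_SESSION = [
    "EHLO client.example",
    "STARTTLS",
    "EHLO client.example",
    "AUTH LOGIN",
    "MAIL FROM:<alice@example.com>",
]

if __name__ == "__main__":
    for name, session in (("plaintext", PLAINTEXT_SESSION), ("starttls", STARTTLS_SESSION)):
        print(name, cleartext_exposure(session))
```

Sessions that use implicit TLS from the first byte never show these commands on the wire, so they produce no client lines for this check at all.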
