A new iteration of a Trojan horse with an unusually comprehensive set of features has appeared.
Phatbot, also known as Agobot, is a powerful piece of malware that opens a back door on a computer and connects to its own peer-to-peer network of infected machines. Once a computer is infected and connected to this P2P network, the author of Phatbot has complete control over the computer and can use it for any number of malicious tasks.
Mikko Hyppönen, director of antivirus research at F-Secure, said: "Phatbot is dangerous because it is so feature-rich that you can do anything - it's probably the largest back-door we have ever seen in terms of features."
"It has a multitude of different methods of gaining access to a machine, including the back doors left by Bagle, MyDoom and Blaster. Phatbot is the Swiss army knife of Trojan horses," he added.
"When it gains control of a machine, it connects to this P2P network that allows the virus writer to control and send commands to the infected hosts. As a backup, it also uses an IRC channel. There are hundreds of different commands ranging from various types of DDoS attacks to stealing everything from the address book to deleting files and finding new hosts to infect."
However, Graham Cluley, senior technology consultant at Sophos, said Phatbot can be dealt with by regular antivirus software and may be garnering attention partly because of its new moniker.
"We have seen lots of different versions of this Agobot, but someone started referring to it with the trendier name of Phatbot and now people have started getting excited about it," he said.
Munir Kotadia writes for ZDNet UK





Comments
There are 4 comments.
1. anonymous
*shivers* how do you get rid of it once you get it?
2. anonymous
Wow, another virus, surprise surprise.
3. Ian Savell
Mandatory firewalls for broadband users?
A friend had broadband installed recently and within a day or so had a mass-mailing trojan on his PC - before he had got round to installing firewall software. He had antivirus software but had disabled automatic updating (because it used up too much bandwidth when he was on dial-up), so it was a week or so out of date.
Is it time broadband suppliers made it a condition of supply that as a minimum customers install a NAT router between the wire and their PC?
When I first installed cable broadband I was told routers were not supported, only a direct PC connection. The supplier still doesn't "officially" support routers but encourages users to install ZoneAlarm. Installing and tuning ZoneAlarm was far more difficult than plugging in a £50 firewall router.
The suppliers lose out through having to constantly clear trojan traffic from their networks and uninfected customers suffer because the infected systems chew up upstream bandwidth on their 20- or 50-1 contention lines.
Come on broadband providers, do us all a favour and eliminate the "unprotected users".
4. anonymous
I fully agree with Ian Savell. I have always run a firewall with my broadband connection, although I only bought a hardware box this year. Clueless users are causing havoc for private individuals and businesses alike. The ISPs providing broadband should realise that most users are stupid and provide firewalls as part of the package. A hardware combined router/(DSL|cable) modem surely is not beyond the realms of technology. ISPs could provide a preconfigured box, locked down. Then the dumb ones can plug it in and go. Those of us with more nous can open up services we want to use.