A new worm that leaves behind two Trojan horse programs has begun spreading over the Internet, and may be paving the way for a crippling distributed denial of service (DDoS) attack. Although the experts are not yet rating this worm as a high-risk to users, the technical make-up of the Trojans it leaves behind is of concern. They consist of a commonly used piece of network administration software called Virtual Network Computing (VNC), and an Internet Relay Chat (IRC) “bot”. The VNC component allows an attacker to connect to an infected system and control it as if they were in front of it. They have full access through a graphical user interface. The IRC bot, when activated, connects to a remote server and waits for commands, which could mean that infected systems are going to be used for a massive DDoS attack. This worm, unlike others such as Klez, requires no user interaction to spread – it exploits common passwords, such as “password” and “computer”, in share directories in Windows NT/2000/XP machines and hence spreads automatically. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.