
	Where results make sense

Topic: Agobot

Related Topics

Charles Guthrie

AOL Arena

In the News (Tue 22 Dec 09)

Northern Trust

Marvin Harrison

Peter Chernin

Gary Locke

Match Play

Penelope Cruz

Mickey Rourke

AR Rahman

Danny Boyle

Hugh Jackman

	infectionvectors.com - agobot & the kitchen sink.
		This analysis places the Agobot code in the category of “virus kit.” From this categorization, Agobot is presented as possibly the most successful kit virus in history, not because of the sheer number of variants or hosts it has infected, but because of the adjustments in virus defense it has required.
		Agobot doesn’t fit the standard model of a “kit virus” (or the term “virus” altogether, see next section), as it is not limited to a set of variables arranged in a worm generator.
		Agobot infections necessarily mean that the user does not know what may have been done with or to their machine and all the data residing within it.
	www.infectionvectors.com /vectors/kitchensink.htm (5584 words)

	Overview
		Agobot is a worm that spreads by copying itself, without infecting other files.
		Agobot prevents access from programs to websites of several companies related with security tools (antivirus programs, firewalls, etc.).
		Agobot redirects attempts to access web pages of certain banks to spoofed pages, with the aim of logging information entered by the user in these pages.
	www.pandasoftware.com /virus_info/encyclopedia/overview.aspx?idvirus=38512 (203 words)

	Suspect arrested in Phatbot, Agobot malware case (Site not responding. Last check: 2007-11-02)
		Agobot is a Trojan horse program that surreptitiously runs on computers running Microsoft Corp.'s Windows operating systems, providing malicious hackers with secret access to the compromised system.
		The computer code for Agobot circulates widely on the Internet, and may have been modified by countless individuals with access to it, said Mikko Hypponen, manager of antivirus research at F-Secure Corp. in Helsinki, Finland.
		F-Secure has provided information to authorities on Agobot and Phatbot before, including the Internet Relay Chat log files containing user names and the IP addresses of individuals who were selling customized versions of the Trojan horse program online, Hypponen said.
	www.computerworld.com /printthis/2004/0,4814,93036,00.html (556 words)

	Agobot (computer worm) - Wikipedia, the free encyclopedia
		Agobot, also frequently known as Gaobot, is a family of computer worms that infects the Microsoft Windows operating system, though there is also a Linux port of the bot.
		Because development was a team-based effort, and because the bot was to be modified by the community through its modular design, the authors of this family chose to make Agobot open source.
		Earlier versions mostly used the RPC DCOM buffer overflow, although now some use the LSASS buffer overflow, for which Agobot was the first bot known to use the vulnerability (which raised the ISC infocon for a few days).
	en.wikipedia.org /wiki/Agobot_(computer_worm) (343 words)

	Win32/Agobot Family
		Agobot determines the location of the current System folder by querying the operating system.
		Agobot may scan for machines to infect via network shares by probing ports 139 and 445.
		Agobot's main function is to act as an IRC controlled backdoor.
	www3.ca.com /threatinfo/virusinfo/virus.aspx?id=37776 (726 words)

	F-Secure Computer Virus Information Pages: Agobot.F
		The most important step of disinfection is the installation of security patches for the vulnerabilities exploited by Agobot.
		Agobot has several different methods to spread through the network.
		To propagate in local area networks Agobot has a separate routine that connect to Windows computers and tries to copy itself using the Administrator account trying with different trivial passwords.
	www.f-secure.com /v-descs/agobot_f.shtml (386 words)

	Agobot HTTP Share Enumeration
		Agobot is a worm with a backdoor component infecting Microsoft Windows operating systems.
		Agobot scans a network for vulnerable systems and notifies the attacker with a vulnerable system's IP address.
		Agobot can be used to launch a denial of service (DoS) attack, such as HTTP flood, UPD flood, SYN flood, and Ping flood.
	www.juniper.net /security/auto/vulnerabilities/vuln338.html (343 words)

	Alarm growing over bot software \| CNET News.com
		The creation of the LSASS variant of Agobot may itself be a warning, because it likely indicates that a worm is around the corner, said the Internet Storm Center's Ullrich.
		Such was the case with MSBlast; several variants of Agobot incorporated code to take advantage of a Windows vulnerability in the weeks before the MSBlast worm arrived and used the same flaw to spread.
		This time around, however, the emergence of a worm may initially be hard to detect, because the LSASS variant of Agobot has spread so widely and is already creating a lot of noise, he said.
	news.com.com /Alarm+growing+over+bot+software/2100-7349_3-5202236.html (1343 words)

	Microsoft machines and NDemon/Phatbot/Agobot Worms
		The Agobot family of infections first drew attention to itself because it can be used to test network bandwidth to a number of well-known Web sites, including http://www.stanford.edu.
		As usual, if your machine is infected with one of the Agobot worms, the most conservative recommendation is to back up the data on the machine, re-format the hard drive, and re-install the operating system and all applications.
		The general procedure for removing an Agobot infestation is to boot the infected machine into Safe Mode (which disables the system recovery capability), and then to run one or more of the manual Agobot removal tools.
	www.stanford.edu /services/securecomputing/alerts/windows-phatbot-26mar2004.html (1594 words)

	PC World - German Police Snag Phatbot Author (Site not responding. Last check: 2007-11-02)
		A 21-year-old German man was arrested and has admitted to creating the ubiquitous and dangerous Trojan horse programs Agobot and Phatbot, but he is not connected to the German author of the Sasser Internet worm, a police spokesman said.
		The computer code for Agobot circulates widely on the Internet and may have been modified by countless individuals with access to it, said Mikko Hyppönen, manager of antivirus research at F-Secure in Helsinki.
		However, the availability of the Agobot and Phatbot source code makes it almost certain that new versions of the Trojan will continue to appear, he said.
	www.pcworld.com /news/article/0,aid,116077,00.asp (737 words)

	Viruslist.com - Backdoor.Agobot.gen
		Agobot copies itself into the Windows directory under random names and then registers itself in the system registry auto-run keys:
		Agobot connects to various IRC servers opening channels identified in the body of the worm.
		It is then ready to receive commands from the 'master', who can now download and launch files on the victim machine, scan other computers for vulnerabilities and install itself on these vulnerable machines.
	www.viruslist.com /en/viruses/encyclopedia?virusid=24977 (132 words)

	Singapore schools hit by Agobot worm - Breaking - smh.com.au
		It said at least 30 schools were found to have been infected by the worm on May 10.
		A computer which is infected by Agobot sets up a connection to an internet relay chat channel and allows an intruder access to the compromised machine.
		On May 7, a 21-year-old German man was arrested in the southern German town of Waldshut and charged with creating the Agobot worm.
	www.smh.com.au /articles/2004/05/17/1084646107068.html (269 words)

	Backdoor.Agobot.spoolsrv32
		Agobot is the name of a family of worms that allows a remote attacker to control the infected machine by connecting to an Internet Relay Chat (IRC) server which can turn the machine into a bot, (zombie) allowing it to be used for malicious purposes.
		Agobot opens a backdoor allowing the attacker to control the infected machine for other purposes such as downloading additional malware.
		Agobot is typically spread via peer-to-peer (P2P) file sharing networks and can spread through shared drives on a network.
	research.sunbelt-software.com /threatdisplay.aspx?name=Agobot.spoolsrv32&threatid=15230 (479 words)

	German police release Agobot Trojan author - 17/May/2004 - ComputerWeekly.com
		Five other men were also charged in connection to the so-called Trojan programs, but were not taken into custody, according to Horst Haug, a spokesman for the State Bureau of Investigation in Baden-Württemberg.
		Agobot is a Trojan horse program that surreptitiously runs on computers that use Microsoft's Windows operating systems, providing malicious hackers with secret access to the compromised system.
		E-mail messages from the Agobot author indicated that he wanted to leave Germany to avoid military service.
	www.computerweekly.com /Articles/2004/05/17/202461/german-police-release-agobot-trojan-author.htm (434 words)

	Sasser, Phatbot arrests coordinated, but not linked \| InfoWorld \| News \| 2004-05-10 \| By Paul Roberts, IDG News Service
		The computer code for Agobot circulates widely on the Internet, and may have been modified by countless individuals with access to it, said Mikko Hyppönen, manager of antivirus research at F-Secure Corp. in Helsinki.
		German police are currently analyzing the information seized in the arrests Friday, but cannot identify any of the suspects they have arrested, or describe the evidence against them, he said.
		F-Secure has provided information to authorities on Agobot and Phatbot before, including the IRC (Internet Relay Chat) logs files containing user names and the IP (Internet Protocol) addresses of individuals who were selling customized versions of the Trojan horse program online, Hyppönen said.
	www.infoworld.com /article/04/05/10/HNarrestsnotlinked_1.html (1394 words)

	Phatbot Trojan Analysis - LURHQ
		Phatbot is actually a direct descendant of Agobot, with additional code rolled in from other sources.
		Although Agobot has a rudimentary P2P system, IRC is still the main control vector.
		The author(s) of Phatbot chose to abandon Agobot's IRC and P2P implementations altogether and replaced them with code from WASTE, a project created by AOL's Nullsoft division (and subsequently canceled by AOL).
	www.lurhq.com /phatbot.html (1002 words)

	Agobot \| Linha Defensiva
		Agobot é atualmente a maior familia de worms com backdoors existente.
		O Agobot é um desses bots de IRC, mas em vez de possuir utilidades para controlar o canal automaticamente, estes possuem funcionalidades para controlar o sistema da pessoa infectada.
		Agobot identifica os processos de Anti-Vírus e Firewalls através do nome e o mesmo pode ser dito sobre o regedit.exe.
	linhadefensiva.uol.com.br /v-info/worms/agobot (821 words)

	The OIT Virus Notification Program - OIT Help Desk (Site not responding. Last check: 2007-11-02)
		This page is designed to instruct users on how to remove the programs we have seen on campus and know how to find and remove it, and to provide users with options for dealing with an unknown proxy server or bot program if one is detected on their machine.
		Agobot is a combination worm/IRC bot that can infect other nearby computers on the network with open shares and weak usernames/passwords.
		There are a number of slight variations to the Agobot worm/bot.
	www.helpdesk.umd.edu /virus/alerts/proxybots.shtml (1462 words)

	Agobot Trojan author released in Germany \| InfoWorld \| News \| 2004-05-14 \| By Paul Roberts, IDG News Service
		A 21-year-old man who was arrested in Germany last Friday and charged with creating a malicious computer program called Agobot was released from police custody Friday.
		He was required to surrender identity papers and report regularly to police as a condition of his release, according to Ullrich Heffner, a police spokesman in the southwestern state of Baden-Württemberg.
		Agobot is a Trojan horse program that surreptitiously runs on computers that use Microsoft Corp.'s Windows operating systems, providing malicious hackers with secret access to the compromised system.
	www.infoworld.com /article/04/05/14/HNagobotauthor_1.html (1185 words)

	WORM_AGOBOT.GEN - Description and solution
		This is Trend Micro's detection for future and existing variants of the AGOBOT worm.
		The AGOBOT family of worms propagate via peer-to-peer file-sharing applications, such as Kazaa, Grokster, and Bear Share, and via network shared drives.
		The AGOBOT worm connects to an Internet Relay Chat (IRC) server and acts as a bot program, allowing remote users to manipulate infected machines and launch a denial of service (DoS) attack against other IRC users.
	www.trendmicro.com /vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.GEN (156 words)

	Virus Threat Center - Agobot Virus Definition Page - TechRepublic (Site not responding. Last check: 2007-11-02)
		Description: The Agobot, also know as Gaobot, worm has been around since November 2003, attacking through weakly secured network shares, and opens an infected system to attacks via an IRC channel.
		The DCOM RPC vulnerability uses TCP port 135, WebDav uses TCP port 80, and TCP port 445 is opened by a buffer overrun vulnerability.
		Agobot opens systems to remote access, steals some data, and attempts to kill off anti-virus and firewall software.
	www.virusthreatcenter.com /virus.aspx?virus=26 (154 words)

	F-Secure Computer Virus Information Pages: Agobot
		Agobot is an IRC-controlled backdoor with network spreading capabilities.
		Manual disinfection for Agobot backdoor requires renaming of an infected file, usually located in Windows or Windows System folder and restarting a system.
		Please note that the backdoor's file may have read-only, system and hidden attributes, so Windows Explorer has to be configured to show such files.
	www.f-secure.com /v-descs/agobot.shtml (269 words)

	worm agobot.pu - Wilders Security Forums
		Hi classico, TDS3 may be a better bet as agobot is a DDos RAT (Remote Access Trojan) It attempts to terminate many AVs and firewalls but not TDS3 as far as I know.
		I have the agobot and i've followed all the instructions in this thread and nothing has helped.
		The agobot detects the TDA-3 scanner and shuts it down even after I renamed the exe.
	www.wilderssecurity.com /showthread.php?t=24300&page=2 (1681 words)

	Suspect arrested in Phatbot, Agobot malware case - Windows and XP News on Tune XP
		Suspect arrested in Phatbot, Agobot malware case - Windows and XP News on Tune XP Web
		A 21-year-old German man was arrested and has admitted to creating the ubiquitous and dangerous Trojan horse programs Agobot and Phatbot, but he isn't connected to the alleged author of the Sasser Internet worm, who is also from Germany and was arrested last week (see story), a police spokesman said.
		Give your computer a chance to show all of its potential with this new Tune XP collection of Windows XP tips and software, which will help you manage, secure, backup and tweak your system for good.
	www.tunexp.com /news/windows-story-360.html (684 words)

	Win32/Agobot Family
		Not all variants use all of these mechanisms.
		These are some passwords that Agobot often tries to use:
		Some Agobot variants can also infect remote systems that are already infected with other malware:
	www3.ca.com /securityadvisor/virusinfo/virus.aspx?id=37776 (726 words)

	Your Money Or Your Network - Profile: The Agobot
		But the attackers did follow a pattern consistent with the Agobot/Phatbot family, which consists of dozens of variants on a worm called Agobot that was created in northern Europe in the late 1990s.
		Method of promulgation: Agobot can arrive as an attachment in e-mail, through a file transfer in instant messaging, or directly across the network using remote procedure calls, Universal Plug and Play directives, buffer overflows and other security vulnerabilities in Windows systems.
		Using Agobot, the attacker can load new files or programs on the corrupted computer, delete files, perform DNS lookups to note its location in the network, and other functions.
	baselinemag.com /article2/0,1397,1814275,00.asp?... (846 words)

	Remove Agobot Trojan, removal instructions
		As a result of this, the hacker is able to connect to the infected machine via IRC and perform dangerous activities, such as stealing various confidential pieces of data.
		Attention: Use this form only if you have additional information about Agobot Trojan parasite, its removal instructions, additional resources or behavior.
		By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.
	www.2-spyware.com /remove-agobot-trojan.html (251 words)

Try your search on: Qwika (all wikis)