Spybot worm

Spybot worm

The Spybot worm is a large family of computer worms of varying characteristics. Although the actual number of versions is unknown, it is estimated to be well into the thousands. This briefly held the record for most variants, but has subsequently been surpassed by the Agobot family. Spybot variants generally have several things in common:

* The ability to spread via the popular P2P program KaZaA, often in addition to other such programs.
* The ability to spread via at least vulnerability in the Microsoft Windows operating system. Earlier versions mostly used the RPC DCOM buffer overflow, although now some use the LSASS buffer overflow.
* The ability to spread via various common backdoor Trojan horses.
* The ability to spread to systems with weak administrative passwords.

Because there is no standard of detection nor classification for the Spybot family, there is also no standard naming convention. Most antivirus programs detect variants generically (e.g. W32/Spybot.worm), and identifying what specific Spybot variant is indicated is next to impossible except with the earliest or most common versions.

As a result of having so many variants, one anti-virus company is often not able to recognise and remove all versions of the worm. The same applies to most anti-spyware software.

Early detection of the "Spybot worm" usually comes from network engineers detecting the Denial of Service attack generated when the worm tried to communicate back to various IRC channels.


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Spyware — is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically,… …   Wikipedia

  • Botnet — Un botnet est un ensemble de bots informatiques qui sont reliés entre eux. Historiquement, ce terme s est d abord confondu avec des robots IRC (bien que le terme ne se limitait pas à cet usage spécifique), qui était un type de botnet particulier… …   Wikipédia en Français

  • Drivecleaner — Winfixer 2005 Cet article fait partie de la série Programmes malveillants Virus Cabir MyDoom.A Tchernobyl …   Wikipédia en Français

  • Winfixer — 2005 Cet article fait partie de la série Programmes malveillants Virus Cabir MyDoom.A Tchernobyl …   Wikipédia en Français

  • Winfixer 2005 — est un faux utilitaire qui est présenté sur le site de l éditeur comme un logiciel de protection du système ; il réparerait les fichiers corrompus, nettoierait la base de registre, réparerait les erreurs du disque dur, etc. Sommaire 1… …   Wikipédia en Français

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”