A new virus has been detected that can carry out such a wide range of attacks that it has been described as “the Microsoft Office of the computer netherworld”.
The ‘Phatbot’ worm — also known as ‘Polybot’ — not only enables an attacker to take control of computers to launch spam or denial-of-service (DoS) attacks, but can also ‘sniff’ for passwords, logins and payment cookies on infected computers.
Exploiting vulnerabilities in Microsoft’s Windows operating system, Phatbot attacks up to 600 processes on a host, ranging from antivirus software to competing viruses.
As a result, Phatbot can be difficult to spot, although one tell-tale sign may be the sudden disappearance of antivirus software icons from a desktop.
The Trojan horse, a variant of ‘Agobot’, also harvests emails from the address book for spamming purposes and can scan other connected computers for vulnerabilities — therefore posing a particular problem for business networks.
The US Department of Homeland Security is taking the threat so seriously that it has asked a group of security specialists to keep an eye on it as part of its National Strategy to Secure Cyberspace — an attempt to coordinate the efforts of government, business and academic security experts.
But some security experts have expressed surprise at the attention Phatbot is receiving. Joe Stewart, senior security researcher at managed security services company Lurhq, told the New York Times: “It’s got extra features that make it a little bit more formidable, but it’s certainly not a quantum leap in ‘bot’ technology.”
Bots are pieces of automated software, also used by search engines such as Google.
As yet the worm is not as widespread as recent headline-grabbers such as MyDoom, so security experts are hoping that by spotting it early they can control it. To this end, they advise Windows users to keep their antivirus software up to date and make sure they install all of Microsoft’s latest patches.
Antivirus software maker Network Associates estimates that viruses could cause as much as $2.5 billion worth of damage to mobile networks by 2006 in North America alone.
The risk of viruses increases for smartphones because they have more complex operating systems and are able to download software such as games, not always from reputable sources. The connected nature of such devices means even conventional phones could be affected by networks overloaded by DoS attacks, for example.