Backdoor.Agobot

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Detection and Removal ·
· Research ·

Overview

Summary:

Vendor Notes:

Alias:

Category:

Backdoor: A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.

AV Killer: Any hacker tool intended to disable a user's anti-virus software to help elude detection. Some will also disable personal firewalls.

Exploit: A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it. Exploits are the root of the hacker culture. Hackers gain fame by discovering an exploit. Others gain fame by writing scripts for it. Legions of script-kiddies apply the exploit to millions of systems, whether it makes sense or not. Since people make the same mistakes over-and-over, exploits for very different systems start to look very much like each other. Most exploits can be classified under major categories: buffer overflow, directory climbing, defaults, Denial of Service.

FTP Server: When installed without user awareness, an FTP server allows an attacker to download any file in the user's machine, to upload new files to that machine, and to replace any existing file with an uploaded file.

P2P: Any peer-to-peer file swapping program, such as Audiogalaxy, Bearshare, Blubster, E-Mule, Gnucleus, Grokster, Imesh, KaZaa, KaZaa Lite, Limewire, Morpheus, Shareaza, WinMX and Xolox. In an organization, can degrade network performance and consume vast amounts of storage. May create security issues as outsiders are granted access to internal files. Often bundled with Adware or Spyware.

SPAM Tool: Any software designed to extract email addresses from web sites and other sources, remove ""dangerous"" or ""illegal"" addresses, and/or efficiently send unsolicited (and perhaps untraceable) mail to these addresses.

Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.

Worm: A program that propagates itself by attacking other machines and copying itself to them. Both worms and viruses are self-replicating code that travels from machine to machine by various means. Both worms and viruses have, as their first objective, merely propagation. Both can be destructive, depending on what payload, if any, they have been given. But there are some differences: worms may replace files, but do not insert themselves into files. In contrast, viruses insert themselves in files, but do not replace them.

Variants:

Similar Pests:

Origins

Programming Language:

Date of Origin:

Place of Origin:

Distribution

Prevalence:

Clot Factor:

The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.

Growth:

Operation

Storage Required:

Payload:

Detection and Removal

Automatic Removal:

PestPatrol detects this.

PestPatrol removes this.

Manual Removal:

Research

More Info:

Research By:

Last Revised: