

Hackers Embrace P2P Concept
Experts Fear 'Phatbot' Trojan Could Lead to New Wave of Spam or Denial-of-Service Attacks



By Brian Krebs Staff Writer
Wednesday, March 17, 2004; 6:23 AM

Computer security experts in the private sector and U.S. government are monitoring the emergence of a new, highly sophisticated hacker tool that uses the same peer-to-peer (P2P) networking abilities that power controversial file-sharing networks like Kazaa and BearShare.

By some estimates, hundreds of thousands of computers running Microsoft's Windows operating system have already been infected worldwide. The tool, a program that security researchers have dubbed "Phatbot," allows its authors to gain control over computers and link them into P2P networks that can be used to send large amounts of spam e-mail messages or to flood Web sites with data in an attempt to knock them offline.

The new hacker threat caught the attention of cyber-security officials at the U.S. Department of Homeland Security, prompting the agency to send an alert last week to a select group of computer security experts. In the alert, the agency warned that Phatbot snoops for passwords on infected computers and tries to disable firewall and antivirus software.

A copy of the DHS alert was made available to by two sources at different companies who asked that their identities not be used because they did not want to risk losing access to future government alerts. Officials at the department and US-CERT -- a government-funded cyber-security monitoring agency -- confirmed that the message was genuine.

Phatbot is "a virtual Swiss Army knife of attack software," said Vincent Weafer, senior director of security response at Cupertino, Calif.-based Symantec Corp.

Joe Stewart, a researcher at the Chicago-based security firm Lurhq, has catalogued Phatbot's many capabilities in an online posting. Those capabilities include: the "ability to polymorph on install in an attempt to evade antivirus signatures as it spreads from system to system"; "steal AOL account logins and passwords"; "harvest emails from the web for spam purposes" and "sniff [Internet] network traffic for Paypal cookies."

Phatbot is a kind of "Trojan horse," a type of program named after the legendary stealth attack because it lets hackers take quiet control of unsecured computers. Security firms have catalogued hundreds if not thousands of Trojan horse programs in recent years, but Phatbot has raised substantial concern because it represents a leap forward in sophistication and is proving much harder for law enforcement authorities and antivirus companies to eliminate.

Like traditional Trojan horse programs, Phatbot infects a computer through one of several routes, such as through security flaws in Microsoft's Windows operating system or through "backdoors" installed on machines by the recent "Mydoom" and "Bagle" Internet worms.

But because Phatbot links infected computers into a larger network, hackers can issue orders to the infected machines through many routes, and cyber-security officials can only effectively shut down a Phatbot attack if they track down every infected computer.

"The concern here is that the peer-to-peer like characteristics of these 'bot networks may make them more resilient and more difficult to shut down," said a cyber-security official at the Department of Homeland Security who asked not to be identified because the agency is still considering whether to issue a more public alert about Phatbot.


© 2004 Washingtonpost.Newsweek Interactive
