Slashdot Mirror


PhatBot Trojan Spreading Rapidly On Windows PCs

prostoalex writes "The Washington Post alerts Windows users about a new peer-to-peer backdoor client that is installed maliciously on broadband-connected computers around Asia and the United States. The client is then used for distributed DOS attacks and sending out large amounts of spam. Phatbot, according to government sources, is installed on hundreds of thousands of machines already. Phatbot snoops for passwords on infected computers and tries to disable firewall and antivirus software, albeit it is detectable by antivirus packages." An anonymous reader submits a link to this description of the beast.

42 of 645 comments

  1. Is it just me... by FortKnox · · Score: 4, Funny

    ... or does this sound dirty to you too??

    a new peer-to-peer backdoor client that is installed maliciously

    --
    Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
    1. Re:Is it just me... by CoolHnd30 · · Score: 2, Funny
      a new peer-to-peer backdoor client that is installed maliciously

      If you wanna look at it like that, they should call it "the Kobe", instead of PhatBot.

    2. Re:Is it just me... by CreatureComfort · · Score: 5, Funny


      The Register just had a story about how a lot of the new virii are as small as 12kb, and how you could almost silk screen the code for one onto an XL T-shirt.

      I would love to have a pair of boxers with this code printed on them, and in large letters overlaying the code, "Let's install my peer-to-peer backdoor client."

      --
      "Unheard of means only it's undreamed of yet,
      Impossible means not yet done." ~~ Julia Ecklar
    3. Re:Is it just me... by Ralph+Wiggam · · Score: 4, Funny

      FatBot was one of the members of Robot House, Bender's former fraternity. The episode is an Animal House take off and FatBot is supposed to be Flounder.

      No idea if there's a connection.

      -B

    4. Re:Is it just me... by ShortSpecialBus · · Score: 2, Funny

      Something tells me you won't likely win the peace prize with that.

      Chemistry would probably be your best bet...

      --
      //FIXME: Bad .sig
    5. Re:Is it just me... by WWWWolf · · Score: 3, Funny
      Shit, all the old good virii were like sub-800 bytes

      Yeah, gone are the days when F-Secure folks unceremoniously categorized everything over 10 kb or so "huge and technically uninteresting" =)

  2. Virizzle by DomCurtis187 · · Score: 4, Funny

    Since when did Snoop Dogg start writing code? Shizzle, dawg, dis virizzle be PHAT!

    1. Re:Virizzle by dasmegabyte · · Score: 4, Funny

      Dude, he's a PIMP.

      He has the bitches write code for him.

      --
      Hey freaks: now you're ju
    2. Re:Virizzle by Anonymous Coward · · Score: 2, Funny
      fo' shizzle my nizzle. maybe yo don't hear good, foo. the s-n-double o-p has been down fo' a minute. Check it:

      From the depths of the internet, back to localhost
      Snoop Doggy Dogg, Funky, yes but of the .Doc
      Went solo on that port, but it's still the same
      Long Beach is the spot where I served my code
      Follow me, follow me, follow me, follow me, but don't lose your grep
      Nine-trizzay's the yizzear for me to fuck up shit
      So I ain't holdin nuttin back, I got nmap
      And motherfucker I got five on the twenty server rack
      It's like that and as a matter of fact [rat-tat-tat-tat]
      Cuz I never hesitate to put a cracker on his back
      [Yeah, so peep out the source code
      You see that it's a must we drop connections]
      What's my motherfuckin name?

  3. Skynet by 3cents · · Score: 5, Funny

    How long before someone bootstraps a distributed Artificial life simulator to their virus and then we all watch in amazement as the first AI evolves and owns all our computers. This could never happen though...right?

    Slashrank

    1. Re:Skynet by NaugaHunter · · Score: 4, Funny

      Yeah, but running only on poorly setup windows boxes would probably depress it pretty quick. We can only hope it would go full cycle of sentience-self actualization-massive disillusionment-depression-suicide before reaching anything useful.

      Or it will start ordering from its own spam and get really confused.

      --
      R: That voice. Where have I heard that voice before? B: In about 365 other episodes. But I don't know who it is either.
    2. Re:Skynet by Ryosen · · Score: 4, Funny

      Or it will start ordering from its own spam

      Great, just what I need. A trojan that needs bigger Trojans than me.

      --

      Ryosen
      One man's "Troll, +1" is another man's "Insightful, +1".
    3. Re:Skynet by rjelks · · Score: 3, Funny

      Is it just me, or is this turning into one of those conversations in the basement of "That 70's Show" :)

      -

  4. Description of trojan is slashdotted by phoneboy · · Score: 4, Funny

    I can't find out the gory details of backdooring a computer. Oh well, I guess I'll have to settle for the more traditional form of pr0n.

    -- PhoneBoy

    --
    The views expressed herein are not necessarily those of anyone, including the poster.
  5. anyone else think by Savatte · · Score: 5, Funny

    PhatBot Trojan would be a good name for a hip-hop group?

    1. Re:anyone else think by FrostedWheat · · Score: 2, Funny

      Nah, would make a good DJ: PhatBot Slim

  6. Greets to the DOI!!! by Jim+Ethanol · · Score: 2, Funny

    ### fictional code comment snippet ### "The PhatBot team would like to shout a big thanks to the US Department of Infrastructure for their help in beta testing PhatBot!"

  7. Re:nice features list by Joe+U · · Score: 5, Funny

    I would really like to see a worm/virus/trojan that makes the user's hard drive rip itself out of the computer, beat the user with a bat and run screaming down the hall.

    Can someone code that feature?

    Seriously, I would love to see one of these programs that just turns the victims internet connection OFF. Granted, I don't think it would spread very well.

  8. Re:nice features list by EndlessNameless · · Score: 5, Funny

    :::# Checks to see if it is allowed to send mail to AOL, for spamming purposes:::

    Best. Feature. Ever.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  9. Re:Detection/Removal instructions? by Neil+Blender · · Score: 3, Funny

    Has anyone come across a removal tool and/or removal instructions? They would be helpful for future reference.

    Here is a helpful site. It provides instructions on how to get rid of windows viruses forever. Even ones not yet invented.

  10. Re:nice features list by bfg9000 · · Score: 5, Funny

    If only Microsoft gave us this much cool stuff with their godforsaken updates. I just KNOW Longhorn is gonna be WinXP with DRM (YAY!), just like XP was Win2000 with Prettiness Plus(TM), just like 2000 was WinNT with a blue default background, just like NT was Win98 with less games, just like 98 was Win95 with double the base install size, just like 95 was Win3.1 with less speed and stability, just like Win3.1 was DOS with a mouse.

    What better resume than a good virus or trojan?

    --

    I'm not normally an irrational zealous dickhead, but I figure "When in Rome..."

  11. Want to start the revolution in a hurry? by beacher · · Score: 5, Funny

    1) Extract Windows product keys
    2) ???^H^H^H Email software keys to software@bsa.net and tell them that you think your employer is not running legitimate software. Include a paypal link for the reward
    3) Profit

    This bot looks NASTY.
    -B

  12. Lucky me by mixtape5 · · Score: 5, Funny

    is installed maliciously on broadband-connected computers...
    who knew that dial up internet was a form of virus protection? I don't feel so bad anymore!


    --
    WoW: Scheod 70 orc warlock on Shadowmoon
  13. Re:I'm TRULY not attempting to Troll by 2MuchC0ffeeMan · · Score: 3, Funny

    Nobody cares about the baghdad blast, or the crappy election that is going nowhere

    it's a slow news day, what do you expect?

    --
    Runnin' On Empty .... I'm Still Alive
  14. between 1 million and 2 million computers... by Unnngh! · · Score: 2, Funny

    ...giving the RIAA another 1 to 2 million people to sue for--something...it is P2P after all;)

  15. Re:Spammer-Sponsored by arbitrary+nickname · · Score: 4, Funny

    But with all those features, how big is it? if Microsoft wrote something with all those features it'd probably come on 4 CDs.....

  16. Have no fear! by rixstep · · Score: 1, Funny

    I have heard from very reliable sources that there is absolutely no reason to panic. Microsoft are, as per usual, working on a patch for this Phatbot. Microsoft take computer security very seriously, as you all know. There are no flaws in Windows system architecture or any of the programs running under Windows - it's just the prevalence of Windows that does it. Microsoft and Windows are copyright Microsoft Corporation Redmond Washington USA.

  17. Re:For a mainframe version... by Phexro · · Score: 4, Funny

    Jesus god, Amazon needs to partner with Google. Searching for that title got me several search results, including:

    * 'The Phallus Palace: Female to Male Transsexuals'
    * 'Clinical Neurology: A Modern Approach (Paper)'
    * 'The World Almanac and Book of Facts 2004'
    * 'When Girls Feel Fat: Helping Girls Through Adolescence'
    * 'Principles of Frontal Lobe Function'

    Whoever coded their search engine could use some advice from that last title.

    Here's the correct link.

  18. Re:nice features list - OSS based? by vonPoonBurGer · · Score: 2, Funny

    Assuming that list is correct, with all the features, what are the chances the virus author actually coded them all? I'm guessing some extensive customization probably had to go into whatever code was used. Possibly it was created using open source libraries for certain components?

    Also, this strikes me as the first truly bloatware virus... how big is this thing anyway??

  19. Re:So... by Anonymous Coward · · Score: 2, Funny

    www.mandrake.com
    follow the links to download the ISO's and simply follow the steps after rebooting from disc 1.

    you will now be 100% immune from any current and future microsoft compatible virus.

  20. Re:The power of viruses by thedillybar · · Score: 4, Funny
    Very sobering, to realize how bad viruses online have gotten...

    Oh good...I'm not the only one that restarts sendmail when I'm drunk...

  21. Re:Albeit is misused here by Anonymous Coward · · Score: 2, Funny

    I AGREE!

    I was recently berated by some talking head (in writing) for insulting a client's "menstrual abilities", and making "inflammible remarks".

    My boss read the letter to me, and asked me what I said to piss them off. He shit himself laughing when I told him I called the girl a halfwit.

  22. Re:Jesus. by grub · · Score: 4, Funny


    "Problem lies between Keyboard and Chair".

    At work we say "It was a Layer 8 problem". You can say that in front of non-geeks without them catching on.

    --
    Trolling is a art,
  23. Re:nice features list by Sowbug · · Score: 4, Funny
    Simple. Just spam 10 million people with the following e-mail:
    This is your system administrator. DO NOT DELETE THIS E-MAIL. Your computer has been infected with the latest trojan worm rotovirus. Please take the following steps to remove this infection:

    1. Open your computer and remove the hard drive. If you are not able to do this on your own, ask the nearest IS worker for help. Inform him that this is to be done on direct orders from his superior.

    2. Attach the hard drive to a bat using duct tape. Beat yourself severely with it.

    3. While clutching the hard drive, run screaming down the hall.

    4. Forward this e-mail to all your direct reports. Please instruct them to comply IMMEDIATELY.

    Thank you for your assistance in stopping this infection.

    Sincerely yours,

    The Management
    OK, so maybe you can't get the hard drive to do it on its own, but if you make the e-mail look official enough, at least 10 people will do it for you.

  24. it runs under wine by Anonymous Coward · · Score: 1, Funny

    nice to know something does.

  25. Uh oh! by cgreuter · · Score: 2, Funny

    They use GPL'd code from WASTE but haven't released the whole source code! They're in a world of legal hurt now.

  26. Re:How about a virus that educates users? by Lumpy · · Score: 3, Funny

    been there done that..

    I wrote an email "virus" that simply made everyone think their hard drive was being erased and then emailed it to all my users here at work and waited for the calls.. even after the "scare" I sent a second "virus" that silently wrote the username of the person that opened it to a file on the server... guess what... the damned sheep still did everything as normal...

    you can't educate most people. once they have a "way" of doing something it's like pulling teeth to get them to change...

    hell we had people bitch for 2 months about the change in the color of the office pencil supply.

    --
    Do not look at laser with remaining good eye.
  27. Re:nice features list by Anonymous Coward · · Score: 2, Funny

    No, Windows ME was just Windows '98 with a broken broom handle in one hand and a jar of Vaseline in the other.

  28. Re:nice features list by Anonymous Coward · · Score: 1, Funny

    w00t,

    It's peeps like you that make spreading of these trojans possible

    I'm not a real M$-soft fan, but w2k and winxp do function quite ok and safe with the proper user permissions. Never use administrator to run daily stuff.

    I can run everything i want on it just with restrictive user privileges.

    So your argument s*u*c*k*s, never had a trojan, and never [NO CARRIER]

  29. Re:Nullsoft Waste code used? Open source scariness by MasonMcD · · Score: 2, Funny

    What happens when someone steals your source without obeying GPL or anything and turns it into a monster?

    That's what Dr. Frankenstein said when he took the corpses for his creature. But he showed them, didn't he! They all thought he was crazy! Bbbut whooss teH CRzy onE now, HAH? You fooLS, YOU ALL LAUGHED, BUT IL HAV THE LAAST LAUHG!

    MWAHAHAHAHAHA!

  30. even better by Anonymous Coward · · Score: 5, Funny

    Have it grep the HD for pr0n keywords, and mail the results to Outlook's Addressbook. After that, nobody would think little of viruses ever again...
    (here in double-moral country, that is)

  31. Fruit machine? by Anonymous Coward · · Score: 3, Funny

    Anybody remember the slot machine virus that
    would store the disk's file allocation table in
    memory, wipe it off the disk, and give you 3 tries to win it back?