Agobot (computer worm)

Encyclopedia : A : AG : AGO : Agobot (computer worm)

This does not cite its [[Opentopia:Citing sources|references or sources]].
You can [[Opentopia:WikiProject Fact and Reference Check|help]] Wikipedia by introducing appropriate citations.

Agobot, also frequently known as Gaobot, is a family of computer worms that infects the Microsoft Windows operating system, though there also exists a Linux port of the bot. Because development was a team based effort and because the bot was to be modified by the community through its modular design, the authors of this family chose to make Agobot open source. New versions, or variants, of the worm appeared so rapidly that the Agobot family quickly grew larger than other bot families. It is now known that Agobot numbers several thousand detected variants in size.

Although Agobot variants vary widely in behavior, earlier variants had a few base similarities:

The ability to spread via the popular P2P programs KaZaA, Grokster, and BearShare.
The ability to spread via a vulnerability in the Microsoft Windows operating system. Earlier versions mostly used the RPC DCOM buffer overflow, although now some use the LSASS buffer overflow, for which Agobot was the first bot known to use the vulnerability (which raised the ISC infocon for a few days).
The ability to spread via various common backdoor Trojan horses.
The ability to spread to systems with weak administrative passwords.
Use of a hidden IRC server or the Waste P2P network for backdoor access.
Use of a polymorphing engine with 6 different en-/decoding methods which is also used for shellcodes
The ability to shut down major antivirus programs (via code injection) and block their updates

Because there is no standard of detection nor classification for the Agobot family, there is also no standard naming convention. Most antivirus programs detect variants generically (e.g. W32/Agobot.worm), and identifying what specific Agobot variant is indicated is next to impossible except with the earliest or most common versions.

From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.