The first computer worm to eavesdrop on network traffic after it infects a computer has been discovered by security experts. The SDBot.UJ scans passing traffic on a network-linked machine for passwords and financial data.
The worm tries to exploit one of a number of bugs in the Windows operating system to wriggle on to computers. It then attempts to infect other computers on the same local network by using a dictionary of obvious passwords, for example, “administrator” or “1234”.
Once installed, the worm also activates a customised network “sniffer” program – which allows it to steal vital data. It then connects to an internet relay chat (IRC) network, enabling an outsider to take control of the infected system or collect information harvested from it.
Because the worm relies on old software bugs, some anti-virus experts believe it will not spread far. Raimund Genes, European director of anti-virus company Trend Micro, says users will be safe providing they have installed recent software patches, have up-to-date anti-virus software and use secure passwords.