By its very nature, however, RBot morphs and evolves over time. Originated in 2003, the core functionality of RBot continues to drive the primary functionality of hundreds of RBot variants. The RBot family of bots is one of the most pervasive and complex out there. Variants of SDBot are also known to scan for Microsoft SQL Server installations with weak administrator passwords or security configurations. ![]() Some variants come bundled with a listing of common username and password combinations, such as abc123 or password for the password, which can be used to attempt to connect with network resources as well. SDBot will attempt to connect to and spread via default administrative shares found on a typical Windows system, such as PRINT$, C$, D$, E$, ADMIN$, or IPC$. SDBot assumes the same access rights and privileges as the user that is currently logged into the system. ![]() To spread effectively, SDBot relies on weak security on target systems or the ability to leverage the current user credentials to connect with other network resources.
0 Comments
Leave a Reply. |