Harvest.cdkeys makes the bot get a list of cdkeys
Redirect.stop stops all redirects running
Scan.addnetrange adds a netrange to the scanner
lnetrange deletes a netrange from the scanner
Scan.listnetranges lists all netranges registered with the scanner
Scan.resetnetranges resets netranges to the localhost
Scan.clearnetranges clears all netranges registered with the scanner
Http.execute updates the bot from a http url
Http.update executes a file from a http url
Http.visit visits an url with a specified referrer
Logic.ifuptime exec command if uptime is bigger than specified
ftp.update executes a file from a ftp url
ftp.execute updates the bot from a ftp url
Plugin.unload unloads a plugin (not supported yet)

The complete command list includes:

bot.longuptime If uptime > 7 days then bot will respond
bot.rndnick makes the bot generate a new random nick
bot.removeallbut removes the bot if id does not match
bot.id displays the id of the current code
bot.about displays the info the author wants you to see
Commands.list Lists all available commands

Phatbot has quite an extensive command list, much of which is derived from Agobot. The analysis that follows attempts to detail the functionality of Phatbot for purposes of detection and elimination. These additions have made Phatbot a more versatile and dangerous threat in the realm of Internet security.
Phatbot is actually a direct descendant of Agobot, with additional code rolled in from other sources. One very successful bot known as "Agobot" has now found itself superseded by "Phatbot". With time, the more effective bots become increasingly popular, leading to additional development from secondary developers who provide "mods" to the bots.

He pointed out the drives do more than just boot the servers, they also store log files and temporary files produced by the servers, and so each SSD will read, write, and delete files depending on the activity of the server during the day.

A kind of Darwinism pervades the world of trojan botnet development.

In a blog post detailing the latest probing, Backblaze cloud storage evangelist Andy Klein said the SSDs are all used as boot drives in the firm's storage servers, and that Backblaze only began using SSDs this way from Q4 of 2018. The 2021 Drive Stats report was published in February. Backblaze said it will initially publish the SSD edition twice a year, but that this may change depending on how valuable readers find it. The cloud storage and backup provider publishes quarterly and annual Drive Stat reports, which focused exclusively on rotating hard drives until last year.

"This Agobot variant is not that malicious in that it won't delete files," he said.

Backblaze has published the first SSD edition of its regular drive statistics report, which appears to show that flash drives are as reliable as spinning disks, although with surprising failure rates for some models.

Phatbot can also end standard security processes run by anti-virus programs and firewalls, according to Niall Browne, security architect at Entropy, an Irish Internet security company.

"However, once a critical mass builds, especially through its use of other backdoors left open, Phatbot is really going to become a problem." So far, Phatbot infections are limited and some e-security companies are still rating it low-to-medium risk, Flynn says.
The potential impact of Phatbot on users is much bigger than with previous worms and viruses, because it can harvest passwords, product registration codes and credit card numbers and then send this information back to the authors, he said.

"The US Department of Homeland Security sent a number of companies an emergency release about the worm which was then leaked anonymously to The Washington Post," he told ElectricNews.Net.

"Phatbot is causing quite a bit of stir over here," said Conor Flynn, technical director of US e-security company Rits.