# Monday, December 12, 2005
Análisis de tendencia del gusano W32.Spybot.ABDO

El día 10 de diciembre del 2005, las casas antivirus descubrieron una nueva pieza viral. El gusano W32.Spybot.ABDO bautizado así por la casa Symantec. El mismo sería un canal más de los ya mencionados botnets. Sin embargo, en esta ocasión éste traería un valor atípico en las variables que nuestro departamento usa para rastrear su expansión en nuestras redes.

Efectivamente, el gusano en mención una vez incrustado en el PC víctima, dejaría un bot programado para conectarse a su comando central (CC, central command), un canal IRC como es común, en esta ocasión a través del puerto menos pensado, el puerto TCP 53. También, es sabido por nuestros lectores técnicos que éste puerto lo usan los servidores DNS para comunicarse con los DNS ROOT servers y con otros DNS cuando la respuesta es mayor a 512 bytes; de allí la dificultad para monitorear tráfico anómalo generado por éste botnet.

No obstante a todo lo citado, las gráficas de tráfico DNS (que es la suma de UDP 53 y TCP 53) se observan completamente normales. Por supuesto, quisiéramos tener una vista más microscópica pero dado que el puerto en mención significa un gran movimiento de data para nuestra red, nos sería técnicamente imposible.

Finalmente, este escenario tan calmado, pueda deberse también a que la red que albergaba al CC (comando central) ha removido a dicho host e incluso a su nombre de dominio, evitando así que las PC zombies hallen contacto, y por ende que nosotros observemos una nula desviación en el peurto TCP 53, dado el bajo índice de éxito para este botnet.

En resumen, queremos comunicar que a pesar de la débil microvisibilidad de este gusano, regularmente para detectar a penas unas decenas de infecciones, por su parte nuestra macrovisibilidad a través del uso de herramientas FLOW, nos permite aseverar que el nivel de infección con W32.Spybot.ABDO en nuestra red es prácticamente inexistente.

Nota: Si desea saber más acerca de botnets, término que venimos usando bastante a menudo, recomendamos la lectura de "Botnets as a Vehicle for Online Crime" (Botnets como un Vehículo para el Crimen en Línea", publicado recientemente por CERT/CC.

Javier Romero, GCIA CISSP GCSC Dipl. SGSI
Departamento Especializado en Seguridad - Internet
http://www.telmex.com.pe/seguridad/internet

Monday, December 12, 2005 5:04:39 PM UTC  #    Comments [3]Tracked by:
"houston hotels" (houston hotels) [Trackback]
"Mark this point." (andrew) [Trackback]
"Car Insurance Online" (Car Insurance Online) [Trackback]
"Online Live Insurance" (Online Live Insurance) [Trackback]
"Homeowner Insurance" (Homeowner Insurance) [Trackback]
"Black Jack" (Black Jack) [Trackback]
"free porn clips" (free porn clips) [Trackback]
"Life Insurence" (Life Insurence) [Trackback]
"buy cialis" (buy cialis) [Trackback]
"Life Insurence" (Life Insurence) [Trackback]
"Home Insurance" (Home Insurance) [Trackback]
"Internet BlackJack" (Internet BlackJack) [Trackback]
"tramadol" (tramadol) [Trackback]
"ultram" (ultram) [Trackback]
"ultram" (ultram) [Trackback]
"Homeowners Insurence" (Homeowners Insurence) [Trackback]
"Roulette" (Roulette) [Trackback]
"Homeowners Ins" (Homeowners Ins) [Trackback]
"On Line Casino" (On Line Casino) [Trackback]
"Black Jack" (Black Jack) [Trackback]
"Quotes Life Insurance" (Quotes Life Insurance) [Trackback]
"State Farm Home Owner Insurance" (State Farm Home Owner Insurance) [Trackback]
"phentermine purchase" (phentermine purchase) [Trackback]
"phentermine buy" (phentermine buy) [Trackback]
"Home Owners Insurance Company" (Home Owners Insurance Company) [Trackback]
"Healthinsurance" (Healthinsurance) [Trackback]
"New York Life Insurance Company" (New York Life Insurance Company) [Trackback]
"California Home Owner Insurance Quote" (California Home Owner Insurance Quote) [Trackback]
"Womens Health Care" (Womens Health Care) [Trackback]
"Home Equity Line" (Home Equity Line) [Trackback]
"Direct Auto Insurance" (Direct Auto Insurance) [Trackback]
"Cheap Insurance Life Policy" (Cheap Insurance Life Policy) [Trackback]
"Cheap Car Insurance Rate" (Cheap Car Insurance Rate) [Trackback]
"Permanent Life Insurance" (Permanent Life Insurance) [Trackback]
"Nationwide Health Plans" (Nationwide Health Plans) [Trackback]
"Multi Trip Holiday Insurance" (Multi Trip Holiday Insurance) [Trackback]
"Online Auto Insurance Quotes" (Online Auto Insurance Quotes) [Trackback]
"Child Life Insurance" (Child Life Insurance) [Trackback]
"Insurance House" (Insurance House) [Trackback]
"Renters Insurence" (Renters Insurence) [Trackback]
"Online Car Insurance Estimate" (Online Car Insurance Estimate) [Trackback]
"Home Insurance Quote Online" (Home Insurance Quote Online) [Trackback]
"Health Insurance Quote" (Health Insurance Quote) [Trackback]
"Nationwide Health Plan" (Nationwide Health Plan) [Trackback]
"Credit Insurance" (Credit Insurance) [Trackback]
"Nj Cheap Car Insurance" (Nj Cheap Car Insurance) [Trackback]
"American Income Life Insurance" (American Income Life Insurance) [Trackback]
"Aa Home Insurance" (Aa Home Insurance) [Trackback]
"Health Insurance Company In Florida" (Health Insurance Company In Florida) [Trackback]
"Single Trip Travel Insurance" (Single Trip Travel Insurance) [Trackback]
"California Dental Insurance" (California Dental Insurance) [Trackback]
"Inexpensive Auto Insurance" (Inexpensive Auto Insurance) [Trackback]
"Long Term Care Insurance Comparison" (Long Term Care Insurance Comparison) [Trackback]
"Term Life Insurance Rates" (Term Life Insurance Rates) [Trackback]
"Equitable Life Insurance Company" (Equitable Life Insurance Company) [Trackback]
"Home Insurance" (Home Insurance) [Trackback]
"Texas Holdm Poker" (Texas Holdm Poker) [Trackback]
"Health Insurance Quote New York" (Health Insurance Quote New York) [Trackback]
"Group Insurance" (Group Insurance) [Trackback]
"Mortgage Refi" (Mortgage Refi) [Trackback]
"RBC Insurance Car Insurance" (RBC Insurance Car Insurance) [Trackback]
"Low Cost Life Insurance Quote" (Low Cost Life Insurance Quote) [Trackback]
"Internet Poker Bet" (Internet Poker Bet) [Trackback]
"Cheap Health Insurance In California" (Cheap Health Insurance In California) [Trackback]
"Affordable Carolina Health In Insurance North" (Affordable Carolina Health In I... [Trackback]
"Auto Award Insurance" (Auto Award Insurance) [Trackback]
"Playing Black Jack" (Playing Black Jack) [Trackback]
"Canada Phentermine" (Canada Phentermine) [Trackback]
"Provident Car Insurance" (Provident Car Insurance) [Trackback]
"mortgage" (mortgage) [Trackback]
"insurance quotes" (insurance quotes) [Trackback]
"Small Business Medical Insurance" (Small Business Medical Insurance) [Trackback]
"Dog In Nationwide Insurance Ad" (Dog In Nationwide Insurance Ad) [Trackback]
"Car Cheap In Insurance Michigan" (Car Cheap In Insurance Michigan) [Trackback]
"Phentermine" (Phentermine) [Trackback]
"Home Contents Insurance Uk" (Home Contents Insurance Uk) [Trackback]
"Buy Adipex P Consultations" (Buy Adipex P Consultations) [Trackback]
"Affordable Insurance" (Affordable Insurance) [Trackback]
"Car Insurance Prices" (Car Insurance Prices) [Trackback]
"Gambling Blackjack" (Gambling Blackjack) [Trackback]
"Mortgage Financing" (Mortgage Financing) [Trackback]
"Best Term Life Insurance" (Best Term Life Insurance) [Trackback]
"Korean Casino" (Korean Casino) [Trackback]
"Coverage Health Insurance" (Coverage Health Insurance) [Trackback]
"Online Vehicles Insurance" (Online Vehicles Insurance) [Trackback]
"Term Insurance" (Term Insurance) [Trackback]
"Home Owner Insurance Nj" (Home Owner Insurance Nj) [Trackback]
Saturday, August 19, 2006 5:20:58 AM UTC
zvbrbq85owv479hzk [URL=http://www.220784.com/800177.html] pe9fwuu94c [/URL] i7ze2qqs6yf4ynn9k
dwlpkqinfj
Wednesday, July 02, 2008 7:04:02 PM UTC
Good work! Thanks!
http://outwait.com/xanax/xanax-identification.htm xanax identification [url=http://outwait.com/xanax/buy-xanax-online.htm]buy xanax online[/url] http://outwait.com/xanax/xanax-withdrawal-symptoms.htm xanax withdrawal symptoms [url=http://outwait.com/xanax/xanax-dosages.htm]xanax dosages[/url] [url=http://outwait.com/xanax/xanax-delivered-overnight-with-no-prescription.htm]xanax delivered overnight with no prescription[/url] http://outwait.com/xanax/xanax-dosage-for-aniety.htm xanax dosage for aniety http://outwait.com/xanax/generic-xanax.htm generic xanax http://outwait.com/xanax/xanax-side-effects.htm xanax side effects
Renato
Sunday, March 15, 2009 8:37:33 PM UTC
Rpm1yf wnjlvlex ltyvbbqk fcitlrzi
cialis
Comments are closed.

© Copyright 2010 TELMEX PERU S.A.
Theme design by Bryan Bell

newtelligence dasBlog 2.3.9074.18820
Feed your aggregator (RSS 2.0)  Send mail to the author(s) | Page rendered at Wednesday, September 08, 2010 10:18:32 AM UTC

Pick a theme: