EPFL Logo
fr|en
Se Connecter
Concept

Agobot

Agobot, also frequently known as Gaobot, is a family of computer worms. Axel "Ago" Gembe, a German programmer also known for leaking Half-Life 2 a year before release, was responsible for writing the first version. The Agobot source code describes it as: “a modular IRC bot for Win32 / Linux”. Agobot was released under version 2 of the GNU General Public License. Agobot is a multi-threaded and mostly object oriented program written in C++ as well as a small amount of assembly. Agobot is an example of a Botnet that requires little or no programming knowledge to use. New versions, or variants, of the worm appeared so rapidly that the Agobot family quickly grew larger than other bot families. Other bots in the Agobot family include Phatbot and Forbot. Agobot now has several thousand known variants. The majority of these target the Microsoft Windows platform; as a result the vast majority of the variants are not Linux compatible. Modern Agobot strains were most likely built with Visual Studio due to their reliance on Visual Studio's SDK and Processor Pack. An infectious Agobot can vary in size but is typically around 12 to 500 kilobytes depending on features, compiler optimizations, and binary modifications. A module written for one member in the Agobot family can usually be ported with ease to another bot. This mix-matching of modules to suit the owner's needs has inspired many of the worm's variants. Most Agobots have the following features: Password Protected IRC Client control interface Remotely update and remove the installed bot Execute programs and commands Port scanner used to find and infect other hosts DDoS attacks used to takedown networks The Agobot may contain other features such as: Packet sniffer Keylogger Polymorphic code Rootkit installer Information harvest Email Addresses Software Product Keys Passwords SMTP Client Spam Spreading copies of itself HTTP client Click Fraud DDoS Attacks The following propagation methods are sub-modules to the port scanning engine: MS03-026 RPC DCOM Remote Buffer Overflow MS04-011 LSASS Remote Buffer Overflow MS05-039 Plug and Play Remote Buffer Overflow Attempts to hijack common Trojan horses that accept incoming connections via an open port.

Source officielle
À propos de ce résultat
Cette page est générée automatiquement et peut contenir des informations qui ne sont pas correctes, complètes, à jour ou pertinentes par rapport à votre recherche. Il en va de même pour toutes les autres pages de ce site. Veillez à vérifier les informations auprès des sources officielles de l'EPFL.

Copyright © 2025 EPFL, tous droits réservés

Graph Chatbot

Chattez avec Graph Search

Posez n’importe quelle question sur les cours, conférences, exercices, recherches, actualités, etc. de l’EPFL ou essayez les exemples de questions ci-dessous.

AVERTISSEMENT : Le chatbot Graph n'est pas programmé pour fournir des réponses explicites ou catégoriques à vos questions. Il transforme plutôt vos questions en demandes API qui sont distribuées aux différents services informatiques officiellement administrés par l'EPFL. Son but est uniquement de collecter et de recommander des références pertinentes à des contenus que vous pouvez explorer pour vous aider à répondre à vos questions.