Should Have Seen This Coming…

By on September 14, 2004

Netcraft reports on a new worm that installs a network traffic sniffer as part of its payload.

A new worm whose payload includes the SDBot trojan tries to install a “sniffer,” seeking to use infected computers to capture login and banking information for other computers on the same network. While sniffers are hardly new, the bundling of a sniffer with an auto-propagating worm is a new wrinkle, according to security firms.

From the hacker’s perspective, this approach makes so much sense that I’m shocked that it’s taken this long for something like this to show up. Why monitor just one computer when you can put the Ethernet card in promiscuous mode and potentially pick up traffic from a lot of computers?

This is the main reason switches are so heavily preferred over hubs in corporate environments.