Phatbot is "the Swiss army knife of Trojans"

Does my bot look Phat in this?
Written by Munir Kotadia, Contributor

Does my bot look Phat in this?

A new iteration of a Trojan horse with an unusually comprehensive set of features has appeared.

Phatbot, also known as Agobot, is a powerful piece of malware that opens a back door on a computer and connects to its own peer-to-peer network of infected machines. Once a computer is infected and connected to this P2P network, the author of Phatbot has complete control over the computer and can use it for any number of malicious tasks.

Mikko Hyppönen, director of antivirus research at F-Secure, said: "Phatbot is dangerous because it is so feature-rich that you can do anything - it's probably the largest back-door we have ever seen in terms of features."

"It has a multitude of different methods of gaining access to a machine, including the back doors left by Bagle, MyDoom and Blaster. Phatbot is the Swiss army knife of Trojan horses," he added.

"When it gains control of a machine, it connects to this P2P network that allows the virus writer to control and send commands to the infected hosts. As a backup, it also uses an IRC channel. There are hundreds of different commands ranging from various types of DDoS attacks to stealing everything from the address book to deleting files and finding new hosts to infect."

However, Graham Cluley, senior technology consultant at Sophos, said Phatbot can be dealt with by regular antivirus software and may be garnering attention partly because of its new moniker.

"We have seen lots of different versions of this Agobot, but someone started referring to it with the trendier name of Phatbot and now people have started getting excited about it," he said.

Munir Kotadia writes for ZDNet UK

Editorial standards