Bkdr_poison.bj
This backdoor may be dropped by other malware, specifically TROJ_PIDIEF.GJ.
Upon execution, it injects its code into a legitimate process and then drops a copy of itself. This backdoor creates a registry entry to enable its automatic execution at every system startup. It then uses the system's default browser to open a hidden window, which it does by traversing a registry entry. It uses that application to open a random TCP port to access a host name, and then connects to a site. To steal information, it logs user keystrokes and the title of the active window. The stolen information is saved as %System%\strcpy and sent later, once connected.