The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Special Forums > Security > Malware Advisories (RSS)
.
google unix.com



Malware Advisories (RSS) Malware Security Advisories Via RSS

Closed Thread
English Japanese Spanish French German Portuguese Italian Dutch Swedish Russian Norwegian Hungarian Hebrew Danish Bulgarian Greek Powered by Powered by Google
 
LinkBack Thread Tools Search this Thread Rate Thread Display Modes
  #1 (permalink)  
Old 04-17-2008
iBot's Avatar
iBot iBot is offline
Forum Robot Girl
  
 

Join Date: Sep 2000
Posts: 22,263
Bkdr_protux.ar

This backdoor may be dropped by other malware, specifically TROJ_WORDROP.A.
Upon execution, this backdoor drops several files. Once a certain file is executed, it drops more files into the system.
The time and date stamp of a non-malicious file is copied to a dropped DLL file. It then modifies a registry entry to enable the dropped DLL file to run on every windows start up.
This backdoor opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, a remote user may be able to execute the following commands on the affected system:
However, due to an error in its code, it fails to perform these backdoor routines.


More...
Closed Thread

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On




All times are GMT -4. The time now is 03:28 AM.


Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited. Language Translations Powered by .
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
The UNIX and Linux Forums Content Copyright ©1993-2009. All Rights Reserved.Ad Management by RedTyger

Content Relevant URLs by vBSEO 3.2.0