The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Special Forums > Security > Malware Advisories (RSS)
Bkdr_protux.ar Bkdr_protux.ar
Google UNIX.COM
Forums Portal Register Forum Rules FAQContribute Members List Arcade Search Today's Posts Mark Forums Read


Malware Advisories (RSS) Malware Security Advisories Via RSS

Reply
 
Submit Tools LinkBack Thread Tools Display Modes
  #1  
Old 04-17-2008
iBot's Avatar
RSS Robot Girl
  

Join Date: Sep 2000
Posts: 14,297
Bkdr_protux.ar
This backdoor may be dropped by other malware, specifically TROJ_WORDROP.A.
Upon execution, this backdoor drops several files. Once a certain file is executed, it drops more files into the system.
The time and date stamp of a non-malicious file is copied to a dropped DLL file. It then modifies a registry entry to enable the dropped DLL file to run on every windows start up.
This backdoor opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, a remote user may be able to execute the following commands on the affected system:
However, due to an error in its code, it fails to perform these backdoor routines.


More...
Reply With Quote
Google The UNIX and Linux Forums
Forum Sponsor
Reply

« Troj_cutwail.bc | Html_iframe.ai »
Thread Tools
Display Modes
Linear Mode Linear Mode




All times are GMT -7. The time now is 09:51 AM.

The UNIX and Linux Forums RSS Feeds - Contact Us - The UNIX and Linux Forums - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited.
The UNIX and Linux Forums Content Copyright ©1993-2008. All Rights Reserved.Ad Management by RedTyger Visit The Complex Event Processing Blog

Content Relevant URLs by vBSEO 3.2.0