The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Special Forums > Security > Malware Advisories (RSS)
Bkdr_hupigon.cfv Bkdr_hupigon.cfv
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read


Malware Advisories (RSS) Malware Security Advisories Via RSS

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Bkdr_hupigon.avc iBot Malware Advisories (RSS) 0 03-18-2008 08:00 AM
Bkdr_hupigon.aij iBot Malware Advisories (RSS) 0 03-11-2008 01:50 PM
Bkdr_hupigon.fa iBot Malware Advisories (RSS) 0 03-04-2008 03:20 AM
Bkdr_hupigon.fi iBot Malware Advisories (RSS) 0 03-03-2008 11:20 AM
Bkdr_hupigon.oth iBot Malware Advisories (RSS) 0 12-30-2007 06:00 PM

Closed Thread
English Japanese Spanish French German Portuguese Italian Dutch Swedish Russian Norwegian Hungarian Hebrew Danish Bulgarian Greek Powered by Powered by Google
 
LinkBack Thread Tools Search this Thread Rate Thread Display Modes
  #1 (permalink)  
Old 05-19-2008
iBot's Avatar
iBot iBot is offline
Forum Robot Girl
  
 

Join Date: Sep 2000
Posts: 22,263
Bkdr_hupigon.cfv
This backdoor may be downloaded from remote sites by the following malware:
JS_DLOADER.AP
JS_DLOADER.GXS
JS_DLOADER.UOW
JS_LIANZONG.E
JS_REALPLAY.AT
JS_REALPLAY.CE
JS_SENGLOT.D
JS_VEEMYFULL.AA
VBS_PSYME.CSZ
It can also be downloaded from certain remote sites.
It drops files/components detected as the following:
TSPY_ONLINEG.RKQ
TSPY_ONLINEG.DKL
TROJ_ONLINEG.DKO
TROJ_ONLINEG.DKY
TROJ_AGENT.VXO
TSPY_ONLINEG.DJZ
TSPY_ONLINEG.DJR
TSPY_LEGMIR.YS
TSPY_ONLINEG.OZN
TROJ_ONLINEG.DJT
TSPY_ONLINEG.DJW
TSPY_FRETHOG.NS
TSPY_FRETHOG.NW
TSPY_FRETHOG.NY
TSPY_ONLINEG.DJX
TSPY_FRETHOG.NZ
TSPY_ONLINEG.DKC
TSPY_ONLINEG.RMM
TSPY_ONLINEG.DKJ
TSPY_ONLINEG.RKQ
TSPY_ONLINEG.DKL
It opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the remote user executes the following commands on the affected system:
Download files
Get system information
Log keystrokes
Shutdown affected system
Terminate process
It accesses Web sites to download files detected as the following:
TROJ_PROXY.ZK
TROJ_SYSTEMHI.DK
TROJ_SYSTEMHI.DL
TROJ_SYSTEMHI.DM
TROJ_SYSTEMHI.DO
TROJ_SYSTEMHI.DP
TROJ_SYSTEMHI.DW
TROJ_SYSTEMHI.EA
TROJ_SYSTEMHI.EB
TROJ_SYSTEMHI.HK
TSPY_FRETHOG.HE
TSPY_FRETHOG.IH
TSPY_FRETHOG.MR
TSPY_FRETHOG.MX
TSPY_FRETHOG.NA
TSPY_FRETHOG.NO
TSPY_FRETHOG.NQ
TSPY_GAMEOL.AQ
TSPY_LEGMIR.RD
TSPY_ONLINEG.DJM
TSPY_ONLINEG.DJN
TSPY_ONLINEG.DJR
TSPY_ONLINEG.DJS
TSPY_ONLINEG.GKR
TSPY_ONLINEG.KQL
TSPY_ONLINEG.OZN
TSPY_ONLINEG.RKQ
TSPY_ONLINEG.RKQ
TSPY_ONLINEG.SCS
TSPY_ONLINEG.SCY
As a result, malicious routines of the downloaded files are exhibited on the affected system.
It terminates certain services if found on the system.


More...
Closed Thread

Bookmarks

« Troj_nspm.aj | Js_agent.jxq »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Hybrid Mode Hybrid Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -4. The time now is 06:04 PM.

The UNIX and Linux Forums - Learn UNIX and UNIX Commands RSS Feeds - Contact Us - The UNIX and Linux Forums - Learn UNIX and UNIX Commands - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited. Language Translations Powered by .
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
The UNIX and Linux Forums Content Copyright ©1993-2009. All Rights Reserved.Ad Management by RedTyger

Content Relevant URLs by vBSEO 3.2.0