Bkdr_agent.adgs


 
12-29-2007

This backdoor may be dropped by other malware, specifically TROJ_PPDROP.K. It may also be downloaded unknowingly by a user when visiting malicious Web sites.
This backdoor is injected into a process running in memory. It then creates a registry entry to enable its automatic execution at every system startup.
This backdoor allows a remote user to obtain files from an affected system. It accesses a remote site to allow a remote malicious user to connect to the affected system. Once a successful connection is established, the remote user is able to execute commands on the affected system.
It drops a non-malicious file into which it saves gathered information. It then sends the gathered information to a predetermined email address using its own Simple Mail Transfer Protocol (SMTP) engine.


AMCRYPTSIMPLE(8)          System Administration Commands          AMCRYPTSIMPLE(8)

NAME
       amcryptsimple - reference simple crypt program for Amanda symmetric data encryption

SYNOPSIS
       amcryptsimple to be called by Amanda only

DESCRIPTION
       amcryptsimple calls gpg to perform symmetric data encryption on Amanda backup. amcryptsimple will search for the gpg program in the following directories: /usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin

       amcryptsimple uses one passphrase to encrypt the Amanda data and uses the same passphrase to decrypt the Amanda backup data. amcryptsimple uses AES256 as the symmetric cipher.

HOW TO CREATE PASSPHRASE
       Store the passphrase inside the home-directory of the Amanda user ($amanda_user) and protect it with proper permissions:

           echo my_secret_passphrase > ~$amanda_user/.am_passphrase
           chown $amanda_user:disk ~$amanda_user/.am_passphrase
           chmod 700 ~$amanda_user/.am_passphrase

NOTES
       Choose a good passphrase and protect it properly. Backup data can only be restored with the passphrase. There is no backdoor.

       If storing and securing the passphrase in your environment presents challenges, Amanda provides public-key data encryption through amgpgcrypt. Public-key encryption uses the public key to encrypt and uses the private key to decrypt.

SEE ALSO
       amanda(8), amanda.conf(5), amcrypt(8), amgpgcrypt(8), amrestore(8), gpg(1)

       The Amanda Wiki: http://wiki.zmanda.com/

AUTHOR
       Kevin Till <kevin.till@zmanda.com>
           Zmanda, Inc. (http://www.zmanda.com)

Amanda 3.3.1                        02/21/2012                        AMCRYPTSIMPLE(8)