Login or Register to Ask a Question and Join Our Community


Malware Advisories (RSS)

Bkdr_asprox.b

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Malware Advisories (RSS) Bkdr_asprox.b
# 1  
Old 01-12-2008
Bkdr_asprox.b
This backdoor may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.
Upon execution, this backdoor drops several files, some of which are detected as BKDR_ASPROX.B.
It creates a registry entry to enable the automatic execution of its dropped malicious file.
This backdoor opens port 80 and acts as an HTTP proxy. It then connects to certain sites, and retrieves the connection time for each.
It then deletes itself after execution.
It uploads specific information to the above-mentioned Web sites, using an HTTP POST command. This backdoor also allows a remote malicious user to perform commands on the affected system. It also retrieves commands and updates from the said sites, by parsing the HTTP page being returned by the server during upload of stolen information. The returned HTTP page is obfuscated. It searches the registry for FTP hosts, user accounts, and passwords.
It gathers e-mail addresses on affected the system, however those addresses should satisfy certain conditions.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

jifty::web::session::apachesession

Jifty::Web::Session::ApacheSession(3pm) 		User Contributed Perl Documentation		   Jifty::Web::Session::ApacheSession(3pm)

NAME

       Jifty::Web::Session::ApacheSession - Jifty Sessions based on Apache::Session

SYNOPSIS

       In your etc/config.yml, using the Apache::Session::File backend:

	 framework:
	   Web:
	     SessionClass: Jifty::Web::Session::ApacheSession
	     SessionBackend: File
	     SessionOptions:
	       Directory: /tmp/sessions
	       LockDirectory: /var/lock/sessions

       Or with Apache::Session::Memorycached backend:

	 framework:
	   Web:
	     SessionClass: Jifty::Web::Session::ApacheSession
	     SessionBackend: Memorycached
	     SessionOptions: { servers: [ '127.0.0.1:11211' ] }

   new
       Returns a new, empty session handler, subclassing Jifty::Web::Session.

   id
       Returns the session's id if it has been loaded, or "undef" otherwise.

   create
       Creates a new session.

   load [ID]
       Load up the current session from the given "ID", or the appropriate cookie (see "cookie_name" in Jifty::Web::Session) otherwise.

       If both of those fail, creates a session in memory.

   get KEY [TYPE]
       See "get" in Jifty::Web::Session.

   set KEY => VALUE, [TYPE]
       See "set" in Jifty::Web::Session.

   remove KEY, [TYPE]
       See "remove" in Jifty::Web::Session.

   remove_all
       See "remove_all" in Jifty::Web::Session.

   continuations
       See "continuations" in Jifty::Web::Session.

perl v5.14.2							    2010-09-25				   Jifty::Web::Session::ApacheSession(3pm)