Bkdr_asprox.b


 
01-12-2008

This backdoor may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.
Upon execution, this backdoor drops several files, some of which are detected as BKDR_ASPROX.B.
It creates a registry entry to enable the automatic execution of its dropped malicious file.
This backdoor opens port 80 and acts as an HTTP proxy. It then connects to certain sites, and retrieves the connection time for each.
It then deletes itself after execution.
It uploads specific information to the above-mentioned Web sites, using an HTTP POST command. This backdoor also allows a remote malicious user to run commands on the affected system. It also retrieves commands and updates from those sites by parsing the HTTP page that the server returns during the upload of stolen information. The returned HTTP page is obfuscated. It searches the registry for FTP hosts, user accounts, and passwords.
It gathers e-mail addresses on the affected system; however, those addresses should satisfy certain conditions.
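
The advisory describes two host-side behaviours a responder can check together: a listener on port 80 and an autorun registry entry. As an added example (not part of the advisory), this PowerShell script lists non-allowlisted processes listening on TCP 80 and marks those whose image path also appears in a Run key; the allowlist and the choice of Run keys are assumptions, since the advisory names neither.

```powershell
# Added triage example, not from the advisory. Requires Windows 8 / Server 2012
# or later for Get-NetTCPConnection; run elevated so process paths resolve.
$ExpectedListeners = @('System', 'httpd', 'nginx')  # assumption: tune per host

# Standard autorun keys (assumption: the advisory does not name the entry).
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Flatten every autorun value into Key / Name / Command records.
$Autoruns = foreach ($key in $RunKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = [string]$item.GetValue($name)
        }
    }
}

# PIDs with a listening socket on TCP 80 (IPv4 and IPv6 rows collapse to one).
$ListenerPids = Get-NetTCPConnection -State Listen -LocalPort 80 -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty OwningProcess | Sort-Object -Unique

$Findings = foreach ($id in $ListenerPids) {
    $proc = Get-Process -Id $id -ErrorAction SilentlyContinue
    if ($null -eq $proc -or $ExpectedListeners -contains $proc.ProcessName) { continue }
    $path = $proc.Path   # $null when the caller lacks rights to read it
    # Literal, case-insensitive match of the image path inside autorun commands.
    $persist = @($Autoruns | Where-Object {
        $path -and $_.Command.IndexOf($path, [StringComparison]::OrdinalIgnoreCase) -ge 0
    })
    [pscustomobject]@{
        Pid        = $id
        Process    = $proc.ProcessName
        Path       = $path
        Autorun    = ($persist | ForEach-Object { "$($_.Key)\$($_.Name)" }) -join '; '
        Persistent = $persist.Count -gt 0
    }
}

# Listeners that are also registered to start automatically sort to the top.
$Findings | Sort-Object Persistent -Descending | Format-Table -AutoSize -Wrap
```

A row with `Persistent` set to `True` is a lead for further analysis of that binary, not a detection of BKDR_ASPROX.B by itself.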

