Bkdr_asprox.b


 
Old 01-12-2008

This backdoor may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.
Upon execution, this backdoor drops several files, some of which are detected as BKDR_ASPROX.B.
It creates a registry entry to enable the automatic execution of its dropped malicious file.
This backdoor opens port 80 and acts as an HTTP proxy. It then connects to certain sites and retrieves the connection time for each.
It then deletes itself after execution.
It uploads specific information to the above-mentioned Web sites, using an HTTP POST command. This backdoor also allows a remote malicious user to perform commands on the affected system. It also retrieves commands and updates from the said sites, by parsing the HTTP page being returned by the server during upload of stolen information. The returned HTTP page is obfuscated. It searches the registry for FTP hosts, user accounts, and passwords.
It gathers e-mail addresses on the affected system; however, those addresses must satisfy certain conditions.
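Two of the behaviours above (a non-web-server process listening on TCP port 80 to act as an HTTP proxy, and an autorun registry entry pointing at the dropped file) can be correlated from ordinary host inventory data. The following triage heuristic is an added example written for this post; it is not from the advisory or from any vendor tool. The listener and autorun records, the allow-list of approved web server images and the `svchost32.exe` path are all constructed sample values, not indicators from the advisory.

```python
"""Triage heuristic: flag port-80 listeners that are not approved web servers
and cross-reference them with Run-key autorun entries.

All sample data below is constructed for illustration; nothing here is an
indicator taken from the BKDR_ASPROX.B advisory.
"""
from dataclasses import dataclass

# Assumption: a site-specific allow-list of images that legitimately serve HTTP.
APPROVED_WEB_SERVERS = {"httpd.exe", "nginx.exe", "w3wp.exe", "inetinfo.exe"}


@dataclass(frozen=True)
class Listener:
    pid: int
    port: int
    image: str  # full path of the process owning the listening socket


@dataclass(frozen=True)
class AutorunEntry:
    key: str      # registry key holding the value
    value: str    # value name
    command: str  # command line stored in the value


def image_name(path):
    """Lower-cased file name of a Windows or POSIX style path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def first_token(command):
    """Executable part of an autorun command line (handles a quoted path)."""
    cmd = command.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def find_suspicious_listeners(listeners, autoruns, port=80,
                              approved=APPROVED_WEB_SERVERS):
    """Return (listener, autorun_entry_or_None, reasons) for every listener on
    `port` whose image is not an approved web server.  A matching autorun entry
    for the same image name is reported as an additional reason."""
    by_image = {}
    for entry in autoruns:
        by_image.setdefault(image_name(first_token(entry.command)), []).append(entry)

    findings = []
    for lst in listeners:
        if lst.port != port:
            continue
        name = image_name(lst.image)
        if name in approved:
            continue
        reasons = [f"listens on tcp/{port} but is not an approved web server"]
        hits = by_image.get(name, [])
        if hits:
            reasons.append("same image is registered for automatic execution "
                           f"under {hits[0].key}\\{hits[0].value}")
        findings.append((lst, hits[0] if hits else None, reasons))
    return findings


# Constructed sample inventory: one legitimate web server, one look-alike
# binary dropped into a user's Temp directory and registered under Run.
SAMPLE_LISTENERS = [
    Listener(1208, 80, r"C:\inetpub\bin\httpd.exe"),
    Listener(2044, 445, r"C:\Windows\System32\svchost.exe"),
    Listener(3316, 80, r"C:\Users\alice\AppData\Local\Temp\svchost32.exe"),
]
SAMPLE_AUTORUNS = [
    AutorunEntry(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
                 r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    AutorunEntry(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "svchost32",
                 r"C:\Users\alice\AppData\Local\Temp\svchost32.exe"),
]

if __name__ == "__main__":
    for lst, entry, reasons in find_suspicious_listeners(SAMPLE_LISTENERS, SAMPLE_AUTORUNS):
        print(f"pid {lst.pid} {lst.image}")
        for r in reasons:
            print("  -", r)
```

Run against the constructed sample, only the Temp-directory `svchost32.exe` listener is reported, with both reasons attached. On a real host the inventory would come from a netstat-style socket listing and an autorun export, and the allow-list from the site's own build standard; the heuristic is a starting point for triage, not a signature.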


G_CONSUMER(9)              BSD Kernel Developer's Manual              G_CONSUMER(9)

NAME
     g_new_consumer, g_destroy_consumer -- GEOM consumers management

SYNOPSIS
     #include <geom/geom.h>

     struct g_consumer *
     g_new_consumer(struct g_geom *gp);

     void
     g_destroy_consumer(struct g_consumer *cp);

DESCRIPTION
     A GEOM consumer is the backdoor through which a geom connects to another
     GEOM provider and through which I/O requests are sent.

     The g_new_consumer() function creates a new consumer on geom gp.  Before
     using the new consumer, it has to be attached to a provider with
     g_attach(9) and opened with g_access(9).

     The g_destroy_consumer() function destroys the given consumer and cancels
     all related pending events.  This function is the last stage of killing
     an unwanted consumer.

RESTRICTIONS/CONDITIONS
     g_new_consumer():

     The geom gp has to have an orphan method defined.

     The topology lock has to be held.

     g_destroy_consumer():

     The consumer must not be attached to a provider.

     The access count has to be 0.

     The topology lock has to be held.

RETURN VALUES
     The g_new_consumer() function returns a pointer to the newly created
     consumer.

EXAMPLES
     Create consumer, attach it to given provider, gain read access and clean
     up.

     void
     some_function(struct g_geom *mygeom, struct g_provider *pp)
     {
             struct g_consumer *cp;

             g_topology_assert();

             /* Create new consumer on 'mygeom' geom. */
             cp = g_new_consumer(mygeom);
             /* Attach newly created consumer to given provider. */
             if (g_attach(cp, pp) != 0) {
                     g_destroy_consumer(cp);
                     return;
             }
             /* Open provider for reading through our consumer. */
             if (g_access(cp, 1, 0, 0) != 0) {
                     g_detach(cp);
                     g_destroy_consumer(cp);
                     return;
             }

             g_topology_unlock();
             /*
              * Read data from provider.
              */
             g_topology_lock();

             /* Disconnect from provider (release access count). */
             g_access(cp, -1, 0, 0);
             /* Detach from provider. */
             g_detach(cp);
             /* Destroy consumer. */
             g_destroy_consumer(cp);
     }

SEE ALSO
     geom(4), DECLARE_GEOM_CLASS(9), g_access(9), g_attach(9), g_bio(9),
     g_data(9), g_event(9), g_geom(9), g_provider(9), g_provider_by_name(9),
     g_wither_geom(9)

AUTHORS
     This manual page was written by Pawel Jakub Dawidek <pjd@FreeBSD.org>.

BSD                              January 16, 2004                              BSD