Bkdr_pcclient.yp


 
02-05-2008
Bkdr_pcclient.yp

This backdoor is a .DLL component dropped by other malware to serve as its backdoor component. It is usually dropped in the system folder and registered as a system service to ensure its automatic execution at every system startup. It is then injected as a thread into running processes to remain memory resident and make it difficult to terminate.
This backdoor connects to a certain URL via a random port and executes commands locally on affected machines.
However, it requires its main component to run properly.


wsreg_register(3WSREG)    Product Install Registry Library Functions    wsreg_register(3WSREG)

NAME
    wsreg_register - register a component in the product install registry

SYNOPSIS
    cc [flag ...] file ... -lwsreg [library ...]
    #include <wsreg.h>

    int wsreg_register(Wsreg_component *comp);

DESCRIPTION
    The wsreg_register() function updates a component in the product install registry.

    If comp is already in the product install registry, the call to wsreg_register() results in the currently registered component being updated. Otherwise, comp is added to the product install registry.

    An instance is assigned to the component upon registration. Subsequent component updates retain the same component instance.

    If comp has required components, each required component is updated to reflect the required component relationship.

    If comp has child components, each child component that does not already have a parent is updated to reflect the specified component as its parent.

RETURN VALUES
    Upon successful completion, a non-zero value is returned. If the component could not be updated in the product install registry, 0 is returned.

EXAMPLES
    Example 1: Create and register a component.

    The following example creates and registers a component.

        #include <wsreg.h>

        int main (int argc, char **argv)
        {
            char *uuid = "d6cf2869-1dd1-11b2-9fcb-080020b69971";
            Wsreg_component *comp = NULL;

            /* Initialize the registry */
            wsreg_initialize(WSREG_INIT_NORMAL, NULL);

            /* Create the component */
            comp = wsreg_create_component(uuid);
            wsreg_set_unique_name(comp, "wsreg_example_1");
            wsreg_set_version(comp, "1.0");
            wsreg_add_display_name(comp, "en", "Example 1 component");
            wsreg_set_type(comp, WSREG_COMPONENT);
            wsreg_set_location(comp, "/usr/local/example1_component");

            /* Register the component */
            wsreg_register(comp);
            wsreg_free_component(comp);

            return 0;
        }

USAGE
    A product's structure can be recorded in the product install registry by registering a component for each element and container in the product definition. The product and each of its features would be registered in the same way as a package that represents installed files.

    Components should be registered only after they are successfully installed. If an entire product is being registered, the product should be registered after all components and features are installed and registered.

    In order to register correctly, the component must be given a uuid, unique name, version, display name, and a location. The location assigned to product structure components should generally be the location in which the user chose to install the product.

ATTRIBUTES
    See attributes(5) for descriptions of the following attributes:

    +-----------------------------+-----------------------------+
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    +-----------------------------+-----------------------------+
    |MT-Level                     |Unsafe                       |
    +-----------------------------+-----------------------------+

SEE ALSO
    wsreg_get(3WSREG), wsreg_initialize(3WSREG), wsreg_create_component(3WSREG), wsreg_unregister(3WSREG), attributes(5)

SunOS 5.10                        22 Sep 2000                        wsreg_register(3WSREG)