Bkdr_protux.ar

Posted 04-17-2008

This backdoor may be dropped by other malware, specifically TROJ_WORDROP.A.
Upon execution, this backdoor drops several files. Once a certain file is executed, it drops more files into the system.
The time and date stamp of a non-malicious file is copied to a dropped DLL file. It then modifies a registry entry to enable the dropped DLL file to run on every Windows start up.
This backdoor opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, a remote user may be able to execute the following commands on the affected system:
However, due to an error in its code, it fails to perform these backdoor routines.

CAPTEST:(8)                 System Administration Utilities                CAPTEST:(8)

NAME
       captest - a program to demonstrate capabilities

SYNOPSIS
       captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]

DESCRIPTION
       captest is a program that demonstrates and prints out the current process
       capabilities. Each option prints the same report. It will output the current
       capabilities, then it will try to access /etc/shadow directly to show whether
       that can be done. Then it creates a child process that attempts to read
       /etc/shadow and outputs the result of that. Then it outputs the capabilities
       that a child process would have.

       You can also apply file system capabilities to this program to study how they
       work. For example, filecap /usr/bin/captest chown. Then run captest as a
       normal user.

       Another interesting test is to make captest suid root so that you can see what
       the interaction is between root's credentials and capabilities. For example,
       chmod 4755 /usr/bin/captest. When run as a normal user, the program will see
       if privilege escalation is possible. But do not leave this app setuid root
       after you are done testing, so that an attacker cannot take advantage of it.

OPTIONS
       --drop-all
              This drops all capabilities and clears the bounding set.

       --drop-caps
              This drops just traditional capabilities.

       --id   This changes to uid and gid 99, drops supplemental groups, and clears
              the bounding set.

       --text This option outputs the effective capabilities in text rather than
              numerically.

       --lock This prevents the ability for child processes to regain privileges if
              the uid is 0.

SEE ALSO
       filecap(8), capabilities(7)

AUTHOR
       Steve Grubb

Red Hat                              June 2009