Bkdr_reload.p

Post #1, 07-13-2008

This backdoor arrives on a system as a file dropped by other malware or as a downloaded file from a malicious Web site.

It monitors the Internet Explorer activities of the affected system, specifically the address bar. If a user visits any of the monitored sites, this backdoor recreates the legitimate Web site with a spoofed login page. The said routine tricks the user into giving out sensitive account-related information. It logs keystrokes entered by the user in the user name and password fields of the spoofed login page. It then closes the legitimate Web site once the backdoor recreates it.

This backdoor attempts to steal online banking user information and saves it in the file LOGFILE1.TXT. This routine risks the exposure of the user's account information, which may then lead to the unauthorized use of the stolen data.

It then sends the data it gathers to a public email address on the smtp.terra.com.br mail server, using its own Simple Mail Transfer Protocol (SMTP) engine.
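Two of the behaviours in the advisory give a defender something concrete to look for: the backdoor writes its captures to LOGFILE1.TXT, and it bypasses the normal corporate mail relay by speaking SMTP itself to smtp.terra.com.br. The script below is an added example, not code from the advisory or from any antivirus vendor. It assumes a constructed firewall log format (`<timestamp> <src_ip> <dst_host> <dst_port> <proto>`), a constructed list of approved internal mail servers, and constructed sample data; it flags workstations that open TCP/25 sessions to the named relay or to any external SMTP server, and it checks a file listing for the drop file.

```python
"""Defender-side triage for the behaviour described in the advisory above.

Added example (not from the original post or any vendor). Assumes a
constructed firewall/proxy log format:

    <timestamp> <src_ip> <dst_host> <dst_port> <proto>

Hosts are flagged when they open SMTP (TCP/25) sessions to the
smtp.terra.com.br relay named in the advisory, or any outbound SMTP from a
host that is not an approved mail server (malware with its own SMTP engine
skips the corporate relay). A second helper looks for LOGFILE1.TXT.
"""
import re
from collections import defaultdict

SMTP_PORT = 25
# Relay named in the advisory.
SUSPECT_RELAYS = {"smtp.terra.com.br"}
# Constructed assumption: the only internal hosts expected to send SMTP outbound.
APPROVED_MAIL_SERVERS = {"10.0.0.25"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<dst>\S+)\s+(?P<port>\d+)\s+(?P<proto>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


def find_smtp_exfil(lines):
    """Map source IP -> list of (timestamp, destination, reason) for suspect SMTP sessions."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"].lower() != "tcp" or rec["port"] != SMTP_PORT:
            continue
        if rec["src"] in APPROVED_MAIL_SERVERS:
            continue  # a real mail server: its outbound SMTP is expected
        if rec["dst"].lower() in SUSPECT_RELAYS:
            reason = "known-relay"
        else:
            reason = "unexpected-smtp-source"
        hits[rec["src"]].append((rec["ts"], rec["dst"], reason))
    return dict(hits)


def find_log_artifacts(paths):
    """Return paths whose file name is LOGFILE1.TXT (case-insensitive, either path separator)."""
    found = []
    for p in paths:
        name = p.replace("\\", "/").rsplit("/", 1)[-1]
        if name.upper() == "LOGFILE1.TXT":
            found.append(p)
    return found


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    "2008-07-13T10:01:02 10.0.1.17 smtp.terra.com.br 25 tcp",
    "2008-07-13T10:01:05 10.0.1.17 www.example.com 80 tcp",
    "2008-07-13T10:02:10 10.0.0.25 mx.example.net 25 tcp",
    "2008-07-13T10:03:44 10.0.1.42 mail.example.org 25 tcp",
    "not a log line",
]

# Constructed file listing from a host under investigation.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\LOGFILE1.TXT",
    r"C:\Documents and Settings\user\notes.txt",
    "/tmp/logfile1.txt",
]

if __name__ == "__main__":
    for src, events in find_smtp_exfil(SAMPLE_LOG).items():
        for ts, dst, reason in events:
            print(f"{src} -> {dst} at {ts}: {reason}")
    for path in find_log_artifacts(SAMPLE_PATHS):
        print(f"drop file candidate: {path}")
```

The "unexpected-smtp-source" rule is the more durable of the two: the relay name in an advisory changes with each variant, but a workstation that talks SMTP directly to the Internet is worth a look regardless of destination.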
TPROF(8)                    BSD System Manager's Manual                    TPROF(8)

NAME
     tprof -- record tprof profiling samples

SYNOPSIS
     tprof [-c] [-o file] command ...

DESCRIPTION
     The tprof utility is a sampling-based profiler.  It makes the kernel
     driver start profiling, executes the specified command, keeps recording
     samples from the kernel driver until the command finishes, and reports
     statistics to the standard error.

     The tprof pseudo driver and a suitable backend should be loaded
     beforehand.

     The tprof utility accepts the following options.

     -o file   Write the collected samples to the file named file.  The
               default is ``tprof.out''.

     -c        Write the collected samples to the standard output.  Note that
               the output is a binary stream.

EXAMPLES
     The following command profiles the system during 1 second and shows the
     top-10 kernel functions which likely consumed CPU cycles.

           tprof -c sleep 1 2>/dev/null | tpfmt -skCLP | head -10

DIAGNOSTICS
     The tprof utility reports the following statistics about the activities
     of the tprof pseudo driver.

     sample           The number of samples collected and prepared for
                      userland consumption.

     overflow         The number of samples dropped because the per-CPU
                      buffer was full.

     buf              The number of buffers successfully prepared for
                      userland consumption.

     emptybuf         The number of buffers which have been dropped because
                      they were empty.

     dropbuf          The number of buffers dropped because the number of
                      buffers kept in the kernel exceeds the limit.

     dropbuf_samples  The number of samples dropped because the buffers
                      containing the samples were dropped.

SEE ALSO
     tpfmt(1), tprof(4)

AUTHORS
     The tprof utility is written by YAMAMOTO Takashi.

CAVEATS
     The contents and representation of recorded samples are undocumented
     and will likely be changed for future releases of NetBSD in an
     incompatible way.

BSD                            November 26, 2011                            BSD