Friday, 05 August 2005
Malware type: Backdoor
In the wild: Yes
Destructive: No
Language: English
Platform: Windows ME, NT, 2000, XP, Server 2003
Encrypted: No
Description:
This backdoor program modifies a particular registry entry to disable the services used by Trend Micro products.
It opens random TCP ports to allow a malicious user to access the machine. Once the machine is infected, it notifies the malicious user to send an IM message containing a specific link to the affected system. The said URL points to the Web site from which this backdoor is downloaded.
It creates a randomly generated folder in the Windows system folder to drop several files.
This backdoor program also modifies the HOSTS file, which contains host name to IP address mappings. The said routine prevents affected users from accessing several Web sites that are related to antivirus and security companies.
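
The following check for the HOSTS file modification described above is an added example, not part of the original description. It parses HOSTS content and reports entries that map a watched security-vendor domain to a loopback or unspecified address. The watchlist domains, the sample file and the function names are constructed for illustration, and the assumption that blocking entries point at such addresses is not stated in the description.

```python
import ipaddress

# Assumed watchlist: the description names no domains, so these reserved
# .example names stand in for "antivirus and security company" sites.
WATCHLIST = ("av-vendor.example", "security-updates.example")

# Constructed sample HOSTS content (not taken from an infected machine).
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
127.0.0.1       www.av-vendor.example
0.0.0.0         security-updates.example  # trailing comment
10.0.0.5        intranet.corp.example
127.0.0.1       notav-vendor.example
bad-line-without-address
"""


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in HOSTS text."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue  # blank, comment-only, or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:  # one address may carry several aliases
            yield lineno, ip, name.lower().rstrip(".")


def suspicious_entries(text, watchlist=WATCHLIST):
    """Return mappings that point a watched domain at an unreachable address."""
    hits = []
    for lineno, ip, name in parse_hosts(text):
        # Match the domain itself or a subdomain, never a mere string suffix.
        watched = any(name == d or name.endswith("." + d) for d in watchlist)
        # Assumption: blocking entries use loopback or 0.0.0.0 / :: addresses.
        if watched and (ip.is_loopback or ip.is_unspecified):
            hits.append((lineno, str(ip), name))
    return hits


if __name__ == "__main__":
    for lineno, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip}")
```

On a Windows NT-family system the file to pass in is normally `%SystemRoot%\System32\drivers\etc\hosts`.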