Virus: BDS/Small.JJ
Date discovered: 03/01/2006
Type: Backdoor Server
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Medium
Static file: Yes
File size: 94.208 Bytes
MD5 checksum: 1475bfdd7515bb1a7309a828b5ad1ce5
VDF version: 6.33.00.92

General
Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Backdoor.Win32.Small.jj
   •  TrendMicro: BKDR_SMALL.AXH
   •  Bitdefender: Backdoor.Small.JJ


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Registry modification
   • Third party control

Registry
The following registry keys are added:

[HKCU\Software\Microsoft\NetGetXP]
[HKCU\Software\Microsoft\NetGetXP\Options]
   • 0x%four-digit random character string%=%stolen information%

Backdoor
Contact server:
One of the following:
   • http://200.152.195.**********/newbd/get.php
   • http://200.152.195.**********/newbd/reg.php

As a result, it may send information, and remote control could be provided. This is done via HTTP GET and POST requests using a PHP script.


Sends information about:
   • Computer name
   • Current user
   • Environment variables
   • Current malware status
   • Information about the network
   • Platform ID
   • Information about the Windows operating system


Remote control capabilities:
   • Download file
   • Execute file
   • Terminate malware

 Injection – It injects itself into a process.

    Process name:
   • iexplore.exe


Miscellaneous
Mutex:
It creates the following mutex:
   • PFAMUTEX1

File details
Programming language:
The malware program was written in MS Visual C++.

Description inserted by Andrei Gherman on Wednesday, January 4, 2006
Description updated by Andrei Gherman on Wednesday, January 4, 2006
