Virus:BDS/Glac.A
Date discovered:17/01/2006
Type:Backdoor Server
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:529.920 Bytes
MD5 checksum:78005f157cfe09e15a57ea54ec36201d
VDF version:6.33.00.29

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Backdoor.Win32.Glac.a
   •  Bitdefender: Backdoor.Delf.ABR


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Registry modification
   • Steals information
   • Third party control

 Files It copies itself to the following location:
   • %SYSDIR%\%executed file%

 Registry – [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • sysutil = %SYSDIR%\%executed file%

 Backdoor The following ports are opened:

%executed file% on TCP port 1534 in order to provide backdoor capabilities.
%executed file% on TCP port 1535 in order to provide backdoor capabilities.

Sends information about:
    • Environment variables
    • Information about running processes


Remote control capabilities:
    • Abort connection
    • Change directory
    • Delete file
    • Directory listing
    • Display a message
    • Download file
    • Execute file
    • Terminate process
    • Upload file

 File details Programming language:
 The malware program was written in Delphi.

Description inserted by Andrei Gherman on Tuesday, January 17, 2006
Description updated by Andrei Gherman on Tuesday, January 24, 2006

Back . . . .