Virus:BDS/TOn.A
Date discovered:29/02/2008
Type:Backdoor Server
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:85.771 Bytes
MD5 checksum:e68f537560400Fb1b181f31febfc5bf1
IVDF version:7.00.02.217 - Monday, March 3, 2008

 General Method of propagation:
   • No own spreading routine


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Registry modification
   • Third party control


Right after execution the following information is displayed:


 Registry The following registry key is added in order to run the process after reboot:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • UpData = %executed file% -hide

 Backdoor Contact server:
The following:
   • eingang1.sytes.net:9222

As a result it may send information and remote control could be provided.

Sends information about:
    • Current malware status
    • Information about the Windows operating system


Remote control capabilities:
    • Download file
    • Execute file
    • Terminate malware

 File details Programming language:
 The malware program was written in MS Visual C++.


Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • UPX

Description inserted by Andrei Gherman on Friday, February 29, 2008
Description updated by Andrei Gherman on Monday, March 3, 2008

Back . . . .