BDS/Glac.A - Backdoor Server

See also

Summary

Full description

Statistics

Virus:	BDS/Glac.A
Date discovered:	17/01/2006
Type:	Backdoor Server
In the wild:	Yes
Reported Infections:	Low
Distribution Potential:	Low
Damage Potential:	Medium
Static file:	Yes
File size:	529.920 Bytes
MD5 checksum:	78005f157cfe09e15a57ea54ec36201d
VDF version:	6.33.00.29 - Thu, 15 Dec 2005 12:22 (GMT+1)

General Method of propagation:
   • No own spreading routine

Aliases:
   • Kaspersky: Backdoor.Win32.Glac.a
   • Bitdefender: Backdoor.Delf.ABR

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Registry modification
   • Steals information
   • Third party control

Files It copies itself to the following location:
• %SYSDIR%\%executed file%

Registry – [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
• sysutil = %SYSDIR%\%executed file%

Backdoor The following ports are opened:

– %executed file% on TCP port 1534 in order to provide backdoor capabilities.
– %executed file% on TCP port 1535 in order to provide backdoor capabilities.

Sends information about:
    • Environment variables
    • Information about running processes

Remote control capabilities:
    • Abort connection
    • Change directory
    • Delete file
    • Directory listing
    • Display a message
    • Download file
    • Execute file
    • Terminate process
    • Upload file

File details Programming language:
The malware program was written in Delphi.

See a brief description here.

Description inserted by Andrei Gherman on Tue, 17 Jan 2006 13:24 (GMT+1)
Description updated by Andrei Gherman on Tue, 24 Jan 2006 09:03 (GMT+1)

» About Malware
» About Phishing
» Viruses In the Wild

« back