English
Deutsch
Francais
Español
Italian
Home
Virus Info
BDS/Delf.CO.13
Search
Home
Support
Solutions
Products
Downloads
Virus Info
Statistics
Phishing Worldmap
VDF History
Virus Science
Submit Sample
Security News
Viruses In the Wild
Company
Press
Partners
Newsletter
BDS/Delf.CO.13 - Backdoor Server
In alte limbi
Scurta descriere
Descriere completa
Statistici
How would you rate this information?
Worthless
Excellent
Nume:
BDS/Delf.CO.13
Descoperit pe data de:
04/08/2006
Tip:
Backdoor Server
ITW:
Nu
Numar infectii raportate:
Scazut
Potential de raspandire:
Scazut
Potential de distrugere:
Mediu
Fisier static:
Da
Marime:
760.320 Bytes
MD5:
0756d255c3bae4a5b691bc1c1e22a49b
Versiune VDF:
6.35.01.46
Versiune IVDF:
6.35.01.46
General
Metoda de raspandire:
• Nu are rutina proprie de raspandire
• Kaspersky: Backdoor.Win32.Delf.co
• Bitdefender: Backdoor.Delf.CO
Sistem de operare:
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Efecte secundare:
• Descarca fisiere
• Descarca fisiere malware
• Modificari in registri
• Sustrage informatii
• Posibilitatea accesului neautorizat la computer
Fisiere
Se copiaza in urmatoarea locatie:
•
%PROGRAM FILES%
\PViever\pviever.exe
Creeaza urmatorul director:
•
%PROGRAM FILES%
\PViever\
Este creat fisierul:
–
%PROGRAM FILES%
\PViever\uin.txt Acesta este un fisier text care nu prezinta pericol si are urmatorul continut:
•
%data curenta%
%numar%
Registrii sistemului
Urmatoarea cheie este adaugata in registri pentru a rula procesul la repornirea sistemului:
– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
• "PViever"=""
%PROGRAM FILES%
\PViever\pviever.exe" hide"
Urmatoarele chei sunt adaugate in registrii sistemului:
– HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
User Agent
– HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
User Agent\Post Platform
• "(Default)"=""
– HKLM\SOFTWARE\Surf
• "mhost"=
%resurse folosite de malware descarcate de pe internet%
• "uin"=
%data curenta%
%numar%
Urmatoarele chei din registri sunt modificate:
– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
Vechea valoare:
• "www"="http://"
Noua valoare:
• "www"="http://htpp.ws?"
– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Vechea valoare:
• "(Default)"="http://"
Noua valoare:
• "(Default)"="http://htpp.ws?"
Backdoor
Servere contactate:
Unul dintre:
• http://neo**********
• http://super**********
• http://htp**********
• http://xe**********
• http://mirax.spb.ru**********
Astfel se pot transmite informatii si se poate obtine control la distanta. In plus, conexiunea e reluata periodic. Aceasta se face printr-o interogare HTTP GET intr-un script PHP.
Furt de informatii
Incearca sa obtina urmatoarele informatii:
– Parole tastate in campuri de logare
Detaliile fisierului
Limbaj de programare:
Limbaj de programare folosit: Delphi.
Pentru o descriere scurta click
aici
.
Descriere introdusa de Teodor Onisor la Mon, 07 Aug 2006 13:45 (GMT+1)
Descriere actualizata de Teodor Onisor la Tue, 08 Aug 2006 09:29 (GMT+1)
»
About Malware
»
About Phishing
»
Viruses In the Wild
« back
Print this page
Worm/Mytob.U
Worm/Netsky.J
Worm/Mytob.AT
Worm/Mytob.AD
Worm/Klez.E
BDS/McMaggot.A
Worm/McMaggot.A
HEUR/PDF.Obfuscated
SPR/mIRC.Gen
TR/Crypt.UPKM.Gen
Get comfortable up to the minute info from Avira as
Detects and removes the following malware and its variants:
Worm/Sober.J
Worm/Sober.P
Worm/Sober.Y
W32/Stanit.A
Worm/NetSky.AA
Worm/NetSky.B.1
Worm/NetSky.C
Worm/Netsky.D.Dam
Worm/NetSky.P
Worm/NetSky.X
Worm/Mytob.IN.2
Worm/Mytob.KS
TR/Spy.Banker.AATZ
TR/Spy.Banker.AATZ.1
TR/Spy.Banker.AATZ.2
TR/Spy.Banker.AATZ.3
Download here
Click
here
to get the panel...
© 2008 Avira GmbH
Copyright
Privacy
Sitemap
Feedback
Imprint
FAQ
Contact
Virus Info BDS/Delf.CO.13
Print this page
.gif)
