//start foreach
English
//start foreach
Deutsch
//start foreach
Français
//start foreach
Español
//start foreach
Italiano
//start foreach
Русский
//start foreach
日本語
//start foreach
Português
Home
Virus Info
BDS/McMaggot.A
Search
Home
Support
Solutions
Products
Downloads
Virus Info
Statistics
Phishing Worldmap
VDF History
Virus Science
Submit Sample
Security News
Viruses In the Wild
Company
Press
Partners
Newsletter
TechBlog
BDS/McMaggot.A - Backdoor Server
In alte limbi
Scurta descriere
Descriere completa
Statistici
How would you rate this information?
Worthless
Excellent
Nume:
BDS/McMaggot.A
Descoperit pe data de:
04/12/2008
Tip:
Backdoor Server
ITW:
Da
Numar infectii raportate:
Scazut spre mediu
Potential de raspandire:
Scazut spre mediu
Potential de distrugere:
Mediu
Fisier static:
Da
Marime:
157.184 Bytes
MD5:
f596b22087d6404d538825413e266131
Versiune IVDF:
7.01.00.184
General
Metoda de raspandire:
• Nu are rutina proprie de raspandire
Alias:
• Symantec: W32.Ackantta@mm
• Mcafee: W32/Xirtem@MM virus !!!
• Kaspersky: Trojan.Win32.Agent.asdj
• Grisoft: Downloader.Agent.APQJ
• Bitdefender: Backdoor.Bot.67413
Initial identificat ca:
• TR/Dropper.Gen
Sistem de operare:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Efecte secundare:
• Creeaza un fisier
• Inregistreaza intrarile de la tastatura
• Modificari in registri
• Sustrage informatii
• Posibilitatea accesului neautorizat la computer
Fisiere
Este creat fisierul:
–
%WINDIR%
\drm.ocx
Registrii sistemului
– HKCU\Software\Microsoft\Windows\CurrentVersion\Run
• QnX"="c:\
%directorul de activare malware%
\qnx.exe
– HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
Run
• "QnX"="c:\
%directorul de activare malware%
\qnx.exe"
Urmatoarele chei sunt adaugate in registri pentru a incarca serviciul la repornirea sistemului:
– HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
{77520Q86-864L-N81R-0R2W-7U2G0P22436U}
• "StubPath"="\"c:\
%directorul de activare malware%
\qnx.exe\""
Backdoor
Servere contactate:
• web1.**********.org
Astfel se pot transmite informatii si se poate obtine control la distanta.
Trimte informatii despre:
• Informatii despre procesele sistemului
• Porneste keylog
Furt de informatii
Incearca sa obtina urmatoarele informatii:
– Parole tastate in campuri de logare
Detaliile fisierului
Limbaj de programare:
Limbaj de programare folosit: C (compilat cu Microsoft Visual C++).
Compresia fisierului:
Pentru a ingreuna detectia si a reduce marimea fisierului, este folosit un program de compresie runtime.
Pentru o descriere scurta click
aici
.
Descriere introdusa de Alexander Neth la Thu, 04 Dec 2008 07:29 (GMT+1)
Descriere actualizata de Alexander Neth la Thu, 04 Dec 2008 08:27 (GMT+1)
»
About Malware
»
About Phishing
»
Viruses In the Wild
« back
Print this page
HEUR/HTML.Malware
HTML/Infected.WebPage.Gen
HTML/Crypted.Gen
TR/Crypt.XPACK.Gen2
TR/Rootkit.Gen
PCK/NSIS.M
PCK/Dumped
PCK/Repacked
PCK/MEW
PCK/UPACK
Get comfortable up to the minute info from Avira as
Detects and removes distinct malware and its variants.
Download here
Click
here
to get the panel...
© 2010 Avira GmbH
Copyright
|
Privacy
|
Sitemap
|
Feedback
|
Imprint
|
FAQ
|
Contact
Virus Info BDS/McMaggot.A
Print this page
.gif)
