BKDR_SALITY.AE
Technical Details

File type: PE

Size of malware: 23,552 Bytes

Ports used: Random

Initial samples received on: Feb 16, 2006

Related to: PE_SALITY.AE


Payload 1: Downloads files



Details:

This backdoor program is usually dropped by PE_SALITY.AE.

Once registered, this backdoor program inserts itself into all running processes of an affected machine.

This is Trend Micro's detection for a .DLL file used by other malware programs in performing their malicious routines. One of these routines includes checking for an Internet connection by accessing a valid Microsoft Web site. If there is an Internet connection, this backdoor then attempts to download possibly malicious files from the Internet.

It opens a random port and waits for commands from a remote malicious user, which it executes locally.

It runs on Windows 98, ME, NT, 2000, XP, and Server 2003.

Analysis By: Alejandro Manalo

