Malware type: Backdoor

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

Malware Overview

This backdoor arrives as an attachment to email messages spammed by another malware or a malicious user.

It may be downloaded from remote sites by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.

It drops a file detected by Trend Micro as TROJ_ROOTKIT.FX.

It installs its dropped Trojan as a service to ensure automatic execution at every system startup. As a result, malicious routines of the dropped file are exhibited on the affected system.

It opens random TCP ports to connect to a certain remote site to send and receive information, as well as to listen for commands from a remote user.

For additional information about this threat, see:
Solution
Technical Details

Description created: Sep. 25, 2008 6:25:27 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.