Description:
This backdoor program arrives via an email that purports to contain a link to a Windows update site. The link actually points to a Web site that automatically downloads and installs this malware on the system.
Upon execution, it drops and then executes a copy of itself in the Windows system folder using any of the following filenames:
- <Randomly chosen .DLL file>.exe
- WIN<Random Text>.exe
It comes with a built-in Internet Relay Chat (IRC) client, which allows it to connect to an IRC channel. It connects to a predefined port and enables a remote user to perform the following actions:
- Create a proxy server on the infected machine
- Delete, download, execute, obtain the MD5 of, and upload files
- Flood a specified IP address
- Load program plugins
- Log keystrokes
- Perform a port scan on the local network
- Perform basic IRC commands
- Redirect TCP traffic on a port to a remote site
- Terminate and uninstall the program
- Visit URLs
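A triage check for the dropped-copy filenames described above, added here as an example and not part of the original description. It assumes a known-good baseline of the Windows system folder is available and, since the description does not say which form `<Randomly chosen .DLL file>.exe` takes, it checks both readings; the function name, reason labels and sample listings are constructed.

```python
import re

# "WIN<Random Text>.exe": WIN followed by at least one character.
WIN_PATTERN = re.compile(r"^win.+\.exe$", re.IGNORECASE)

def flag_dropped_copy_candidates(listing, baseline):
    """Return (filename, reason) pairs for .exe files in a system-folder
    listing that are absent from the baseline and match the naming scheme.
    Hits are leads for further triage (hash, signature, creation time),
    not verdicts."""
    names = {n.lower() for n in listing}      # Windows names are case-insensitive
    known = {n.lower() for n in baseline}
    dlls = {n for n in names if n.endswith(".dll")}
    dll_stems = {n[:-4] for n in dlls}

    findings = []
    for name in sorted(names - known):
        if not name.endswith(".exe"):
            continue
        stem = name[:-4]
        if stem in dlls:                      # reading 1: foo.dll.exe
            findings.append((name, "dll-name-plus-exe"))
        elif stem in dll_stems:               # reading 2: foo.exe beside foo.dll
            findings.append((name, "exe-shares-dll-stem"))
        elif WIN_PATTERN.match(name):         # WIN<Random Text>.exe
            findings.append((name, "win-prefix"))
    return findings

# Constructed sample data: a baseline and a current listing of the same folder.
SAMPLE_BASELINE = ["kernel32.dll", "msvcrt.dll", "winlogon.exe",
                   "notepad.exe", "cmd.exe"]
SAMPLE_LISTING = SAMPLE_BASELINE + ["kernel32.dll.exe", "msvcrt.exe",
                                    "WINqzxv.exe", "report.txt"]

if __name__ == "__main__":
    for name, reason in flag_dropped_copy_candidates(SAMPLE_LISTING,
                                                     SAMPLE_BASELINE):
        print(f"{name}: {reason}")
```

The baseline comparison matters because legitimate system files such as `winlogon.exe` also begin with WIN.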
Description created: Aug. 15, 2001 10:00:00 AM GMT -0800
Description updated: Apr. 8, 2005 11:02:14 PM GMT -0800