BKDR_EMBED.W
Overview

Malware type: Backdoor

Aliases: Backdoor.Win32.Small.ky (Kaspersky), BackDoor-CZL (McAfee), Backdoor.Nithsys (Symantec), BDS/Small.KY.2 (Avira), Troj/Small-BNQ (Sophos), Backdoor:Win32/Okupok.A.dll (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: Low

Description: 

Using a random port, this backdoor connects to the Internet Relay Chat (IRC) server 6004.ugly.as. It then joins a channel, where it waits for commands from a remote attacker to do the following:

  • Download and execute files
  • Upload files
  • Send stolen system information

It also drops a DLL component named systhin.dll, which it injects into running applications to stay memory-resident.

For additional information about this threat, see:
Solution
Technical Details

Description created: Apr. 24, 2006 12:00:00 AM GMT -0800
