Description:
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
When run, it drops several files that are also detected as BKDR_HAXDOOR.MX. It makes multiple registry changes that allow it to run at every system startup, even if the system starts in Safe Mode.
It downloads a file containing HTML code that the malware uses to fake legitimate financial websites. This file also contains a list of targeted bank-related websites, which the malware monitors and steals information from.
It also opens several TCP ports that allow remote users to connect to the affected machine and issue the following commands:
- execute files
- steal information
- upload and download files
Any stolen data is sent to a specific Web server via HTTP POST.
Description created: Oct. 12, 2008 1:56:27 AM GMT -0800