|
Description:
This memory-resident backdoor program may arrive on a system as a downloaded file of WORM_MYDOOM.BB or WORM_NETSKY.B. This MYDOOM worm usually downloads this backdoor program from an online game discussion site located in California.
This backdoor attempts to connect to an Internet Relay Chat (IRC) server. It listens to random ports and waits for a connection from a remote user. Once a connection is established, the remote user obtains virtual control over the compromised system. This enables the remote user send to send malicious commands that this backdoor issues locally on the affected system, such as the following:
- Download a file
- Update itself
- Uninstall itself
This backdoor also prevents affected users from accessing Web sites, most of which are related to security and antivirus companies. It does this by modifying the system's HOSTS file, adding entries that redirects users to the local machine whenever the user accesses the said Web sites.
For additional information about this threat, see:
Solution
Technical Details
Description created: Feb. 16, 2005 7:29:13 PM GMT -0800
Description updated: Feb. 22, 2005 1:45:22 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
