AckCmd

· Overview ·
· Origins ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·

Overview

Vendor Notes:

 What is AckCmd?
AckCmd is a client/server combination for Windows 2000 that lets you open a remote Command Prompt to another system (running the server part of AckCmd). It communicates using only TCP ACK segments. This way the client component is able to directly contact the server component through a firewall in some cases
How do I use this tool?
Download the zip file and extract the client component (ackcmdc.exe) and the server component (ackcmds.exe). The server component has to be executed on the target system. Then run the client component with the target IP supplied as an argument. Now you have a remote Command Prompt.
Which OS's are supported? Windows 2000.
WARNING!
Running the AckCmd server part will create a backdoor into your computer!

Alias:

 Backdoor.AckCmd

Category:

RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a ""client"" in the attacker's machine, and a ""server"" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.

Variants:
  • Ack Cmd
    		•

    Similar Pests:

    		 RAT

    Origins

    Author:

    		 Arne Vidstrom

    Date of Origin:

    		 April, 2005

    Operation

    ScreenShot:


    AckCmd 1.1

    Risks

    Detection Issues:

    		 Difficult to detect by design. May hide from process list. May install with variable names in variable locations.

    Detection and Removal

    Automatic Removal:

    PestPatrol detects this.

    PestPatrol removes this.

    Research

    More Info:
  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
    		•

    Research By:
  • PestPatrol's Pest Research Center
    		•

    Last Revised:

    		 April 14, 2005