BackDoor 2.0
|
· Overview ·
|
Overview |
|
Summary: |
A working name for some new Trojan or RAT that has not yet been fully identified. Also the name of a specific RAT: Remote access/admin tool and trojan. Many features. Deletes all files and subdirectories within the directory from which it is run. |
Alias: |
April_1st.Exe [Kaspersky], Backdoor.Inuk, Backdoor.Notpa, Backdoor.Zemac.a, Backdoor.Zemac.b, Backdoor.Zemac.c, Backdoor.Zemac.d, contains Suriv_2.1488.C (non-working) [F-Prot], destructive program [F-Prot], MultiDropper-E [McAfee], Nomenklatura [McAfee], Nomenklatura.1024.A [F-Prot], Nomenklatura.a [Kaspersky], Quit [McAfee], Quit.555.a [Kaspersky], Quit.555.B [F-Prot], Suriv.1488 [McAfee], Trojan.AOL.PS.ej [Kaspersky], TrojanDropper.Win32.EliteWrap.103 [Kaspersky] |
Category: |
RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a ""client"" in the attacker's machine, and a ""server"" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment. Backdoor: A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker. Exploit: A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it. Exploits are the root of the hacker culture. Hackers gain fame by discovering an exploit. Others gain fame by writing scripts for it. Legions of script-kiddies apply the exploit to millions of systems, whether it makes sense or not. Since people make the same mistakes over-and-over, exploits for very different systems start to look very much like each other. Most exploits can be classified under major categories: buffer overflow, directory climbing, defaults, Denial of Service. Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs. Virus Creation Tool: A program designed to generate viruses. Even early virus creation tools were able to generate hundreds or thousands of different, functioning viruses, which were initially undetectable by current scanners. |
Variants: |
|
Similar Pests: |
RAT · Backdoor · Exploit · Trojan · Virus Creation Tool |
Origins |
|
Author: |
ZeMac |
Date of Origin: |
Variants from April, 1997 to May, 2004 |
Distribution |
|
Prevalence: |
|
Clot Factor: |
The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone. |
Growth: |
|
Operation |
|
Default Port: |
1999, 1003 TCP More info about ports. |
Storage Required: |
|
Restart: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key: Notepad(c:\windows\notpa.exe /o=yes) Autostarting Pests |
ScreenShot: |
|
BackDoor 2.0
BackDoor 2.01
BackDoor 2.02
BackDoor 2.03
PestPatrol detects this.