Bla 1.0
Performs these functions:
|
· Overview ·
|
Overview |
|
Summary: |
Treacherous Performs these functions:
|
Alias: |
Backdoor.BLA, Backdoor.BLA.51, Backdoor.BLA.51.b, Backdoor.BLA.53, Trojan.PSW.Blaver.a |
Category: |
RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a ""client"" in the attacker's machine, and a ""server"" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment. Password Capture: A variant of the Key Logger that captures passwords as they are entered or transmitted. Some password capture trojans impersonate the login prompt, asking the user to provide their password. |
Variants: |
|
Similar Pests: |
RAT · Password Capture |
Origins |
|
Author: |
8Lue Fr3d, |
By This Author: |
Bla 1.0 · Bla 1.1 · Bla 2.0 · Bla 4.0 · Bla 5.01 · Bla 5.03 |
Programming Language: |
Client written in Delphi, server in Borland C++ |
Date of Origin: |
Variants from November, 1998 to September, 2001 |
Place of Origin: |
France |
Distribution |
|
Prevalence: |
|
Clot Factor: |
The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone. |
Countries Affected: |
In the past three months, we have received reports of BLA in Argentina, United States. |
Operation |
|
Default Port: |
666 TCP; Bla 4.0: 22456, 22457 TCP More info about ports. |
Storage Required: |
|
Restart: |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "system" Autostarting Pests |
ScreenShot: |
|
Bla 1.0
Bla 2.0
Bla 5.01
Caption
Bla 5.03
Risks |
|
Detection Issues: |
Difficult to detect by design. May hide from process list. May install with variable names in variable locations. |
Detection and Removal |
|
Automatic Removal: |
|
Manual Removal: |
Follow these steps to remove BLA from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake. |
| Stop Running Processes: Kill these running processes with Task Manager: | |
| Unregister DLLs: Unregister these DLLs with Regsvr32, then reboot: | |
| Remove Files: Remove these files (if present) with Windows Explorer: | |
Research |
|
File Analyses: |
|
More Info: |
|
Research By: |
|
Last Revised: |
April 15, 2005 |
PestPatrol detects this.