backdoor.cabrotor.10.
Webroot Antivirus: The best protection against viruses, spyware data theft and hackers.
Description:
Details
Backdoor.Cabrotor.10.a
Cabrotor is backdoor trojan program (it is a hidden remote control trojan). The trojan itself is a Windows PE EXE file written in Delphi.
The original trojan package contains three main executable files:
CaBrONaToR.exe - client to send commands to remote server
CaBrONeDiT.exe - server editor to modify default server settings
8======D.exe - server (trojan itself)
When run the backdoor code copies itself to the Windows directory and registers itself in the system registry in the auto-run section. In different backdoor versions the backdoor EXE name and registry keys are different. The known variant has:
EXE name:
ASDAPI.EXE
The registry key entries it makes are:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Key name:
LoadPowerProfile
The trojan then opens a connection to its master's IRC channel and waits for its master's commands.
The backdoor program performs following commands:
reports computer info (Windows version, CPU type, UserName, CompanyName e.t.c.)
open/closes CD drive
reports directories and file names in there
runs a local file or executes a command
sends information: RAS, MS Messenger and .NET services
exits Windows - downloads a requested file
performs DoS attack to requested victim address
terminates itself
Copyright @2006 backdoor.cabrotor.10.