backdoor.death.1
Webroot Antivirus: The best protection against viruses, spyware data theft and hackers.
Description:
Details
Backdoor.Death.18
Backdoor Death is a Trojan horse family. These Trojan programs allow remote, anonymous access to victim computers and permit hackers to steal user passwords. Backdoor Death has three components: server, client and a utility used to set up server components.
Set-up Utility
This utility lets the hacker(s) controlling the backdoor Trojan to configure the server according to their requirements - for example they can: change the file server name, register in the system, make server icons, send email with stolen passwords, alter firewall settings (if victim computers have one installed), and more.
Server Component
Upon sever boot the backdoor code is copied to the system directory according the settings determined by the set-up utility. The server registers itself either in the system registry or in the file system.ini or win.ini directories. In this way the server ensures its code is run upon operating system boot or reboot. The server component is able to determine if any other viruses are currently infecting a victim computer. If one is detected Backdoor.Death shuts it down so that it does not get in the way of updating server components. In addition the server program is able to determine any installed firewall on victim machines, and is able to remove from memory firewall processes so that Backdoor.Death's controllers can transfer information over a network undetected.
Additionally, the server component monitors keyboard activity and records all keys pressed in a log file, which can then be analyzed by the virus' controller. The server component can also steal user login and password information and send this information back to Backdoor.Death's contoller(s) via email - according to the settings chosen in the server setup utility. When connecting to the Internet the server component sends a message to the site http://Idteam.org where the hackers controlling Backdoor.Death can register and see which computers are currently accessible.
Client Component
The Client component allows hackers controlling Backdoor.Death code to connect to the server component and perform an array of actions such as:
- viewing password information cached in the system
- viewing the list of open windows
- manipulating system files (copy, alter, delete and catalog)
- taking screen shots of the desktop
- manipulating the registry
- sending messages to victims or summoning victims for "chatting"
Copyright @2006 backdoor.death.1