backdoor.katien.
Webroot Antivirus: The best protection against viruses, spyware data theft and hackers.
Description:
Details
Backdoor.Katien.a
Katien is a backdoor trojan program. The trojan itself is a Windows PE EXE file about 50KB in length and written in Microsoft Visual C++.
Once executed the backdoor program registers itself in the system registry auto-run section:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
The key name depends on the backdoor variant:
TaskReg = %trojan file name% Service = %trojan file name%
Once this is done Katien then opens a backdoor connection and waits for its master's (person controlling the Trojan program) commands. The Katien backdoor program performs just a few commands:
gets a file from a requested URL
runs a command or specified local file
performs a DoS attack on the requested victim address
terminates itself
The backdoor program has copyright strings (lines) depending on the backdoor variant:
Voyager Alpha Force: Age of Kaiten
Kaiten Win32 API version: contem@efnet
Copyright @2006 backdoor.katien.