backdoor.nickse
Webroot Antivirus: The best protection against viruses, spyware data theft and hackers.
Description:
Details
Backdoor.Nickser
Nickser is a backdoor trojan program. The trojan itself is a Windows PE EXE file about 136KB in length (when compressed by TeLock, the decompressed size is about 270KB). It is written in Microsoft Visual C++.
When run the backdoor copies itself under the name lsass.exe name to the Windows directory and registers itself in the system registry auto-run key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UserInitialization = %WinDir%\lsass.exe
Nickser then reads its "master's" instructions from an encrypted script file located on the Web at http://go.xmain.da.ru.
The backdoor routine performs the following actions:
- gets a file from requested URL
- runs a command or specified local file
- performs DoS attack to requested victim address
- terminates itself
- joins IRC channel
- opens local drives as FTP site
- e.t.c.
Copyright @2006 backdoor.nickse