Internet threat level: 1
Home→Descriptions→Backdoor.Win32.Agent.jn
Backdoor.Win32.Agent.jn
| Detected | Aug 28 2009 09:25 GMT |
| Released | Aug 28 2009 13:29 GMT |
Summary
Technical details
The main file is a Windows application (PE EXE file). File created using Development tools used to create the programthe compiler "Borland Delphi". File size of 177664 bytes.
Installation
Ensures Using the system registry, system services or special system files, the program can launch itself or launch the creation of its files every time the Windows OS is subsequently booted autorun of installed files:
by writing to autorun keys in the system registry
Malicious activity
Receives
After a command from a cybercriminal, the program performs its malicious functions, for example, performing network attacks on internet sites, distributing spam and other malicious programs, or deleting a user's files. Those using this type of malicious program frequently make use of botnets (networks of infected computers which cybercriminals control centrally in order to carry out malicious activities.
Read more details here: http://www.viruslist.com/en/analysis?pubid=204792003remote commands from cybercriminal:
via connection to Receives commands from cybercriminals using IRC (Internet Relay Chat). After the malicious program is launched, it calls a specific IRC server and establishes contact with the cybercriminal, receives commands and passes on messages in responseIRC server
Steals confidential user information from
A malicious program designed to steal accounts (login and password) from instant messaging clients pagers (e.g., ICQ, MSN Messenger, Yahoo Pager, QQ, Skype, etc.). The information is sent to a cybercriminal via email, ftp, the web or other methods. The stolen accounts can be sold or used to spread other malicious programs.
Read more details here: http://www.viruslist.com/en/analysis?pubid=204792005the following internet pagers:
- MSN Messenger
Connects to specific Internet addresses
Creates unique identifiers to flag its presence in the system
Other activities
Runs specific files (commands)
Modifies certain system registry keys
Deletes specific files onfrom the victim machine
Backdoors are designed to give malicious users remote control over an infected computer. In terms of functionality, Backdoors are similar to many administration systems designed and distributed by software developers.
These types of malicious programs make it possible to do anything the author wants on the infected computer: send and receive files, launch files or delete them, display messages, delete data, reboot the computer, etc.
The programs in this category are often used in order to unite a group of victim computers and form a botnet or zombie network. This gives malicious users centralized control over an army of infected computers which can then be used for criminal purposes.
There is also a group of Backdoors which are capable of spreading via networks and infecting other computers as Net-Worms do. The difference is that such Backdoors do not spread automatically (as Net-Worms do), but only upon a special “command” from the malicious user that controls them.
Backdoor.
- Virus:
W32/Opanki. gen (McAfee) - Mal/EncPk-DV (Sophos)
- Malicious Packer (Panda)
- W32/Heuristic-400!Eldorado (FPROT)
- Trojan:
Win32/Ircbrute (MS(OneCare)) - BackDoor.
Oscar (DrWeb) - unpack error (Nod32)
- Backdoor.
Agent. JMPL (VirusBuster) - Win32:
Trojano-1329 [Trj] (AVAST) - Win32.
SuspectCrc (Ikarus) - Backdoor.
Agent. YWB (AVG) - TR/Crypt.
XPACK. Gen (AVIRA) - W32.
Allim (NAV) - Malware.
gen1 (Norman) - W32/Opanki.
gen (NAI) - Backdoor.
Agent. ZL (Rising) - Backdoor.
Win32. Agent. jn [AVP] (FSecure) - Trojan.
Win32. Generic!BT (Sunbelt) - Backdoor.
Agent. JMPL (VirusBusterBeta)
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.