|Detected||Sep 07 2005 23:21 GMT|
|Released||Sep 07 2005 23:21 GMT|
|Published||Sep 23 2005 09:50 GMT|
This Trojan program makes it possible for a remote malicious user to control the victim machine. The program itself is a Windows PE EXE file approximately 290KB in size.
Once launched, the program copies itself to the Windows system directory as "winsN2S.exe"
It then registers this file in the system registry, ensuring that the Trojan will be launched each time Windows is rebooted on the victim machine:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] [HKCU\Software\Microsoft\OLE] [HKCU\System\CurrentControlSet\Control\Lsa] [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] [HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices] [HKLM\Software\Microsoft\OLE] [HKLM\System\CurrentControlSet\Control\Lsa] [HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices] "Windows NetStart Service2" = "winsN2S.exe"
This backdoor program provides a remote malicious user with full control over the infected machine, making it possible to upload and launch files, view the list of active processes, terminate processes, conduct DoS attacks, launch a proxy server on the victim machine, and receive information about the infected system, including mail protocol configuration, passwords entered via the keyboard, screenshots and other information.
Backdoors are designed to give malicious users remote control over an infected computer. In terms of functionality, Backdoors are similar to many administration systems designed and distributed by software developers.
These types of malicious programs make it possible to do anything the author wants on the infected computer: send and receive files, launch files or delete them, display messages, delete data, reboot the computer, etc.
The programs in this category are often used in order to unite a group of victim computers and form a botnet or zombie network. This gives malicious users centralized control over an army of infected computers which can then be used for criminal purposes.
There is also a group of Backdoors which are capable of spreading via networks and infecting other computers as Net-Worms do. The difference is that such Backdoors do not spread automatically (as Net-Worms do), but only upon a special “command” from the malicious user that controls them.