English
Log in
Search
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

HomeDescriptionsBackdoor.Win32.Wootbot.gen

Backdoor.Win32.Wootbot.gen

Detected Dec 17 2007 08:46 GMT
Released Dec 17 2007 08:46 GMT
Published Feb 14 2005 10:38 GMT

This is a description which has been automatically generated following analysis of this program on a test machine. This description may contain incomplete or inaccurate information.

Summary


Technical details

The main file is a Windows application (PE EXE file). File size of 137728 bytes. The file was packed using a special compression utility. Compression can be used for a number of reasons, including for legitimate programs. However, virus writers frequently use it to bypass antivirus protection and to make it difficult for virus analysts to analyze compressed programs Packed Morphine, UPX.


Installation

Copies itself once launched

Ensures Using the system registry, system services or special system files, the program can launch itself or launch the creation of its files every time the Windows OS is subsequently booted autorun of installed files:

by writing to autorun keys in the system registry

using system services


Malicious activity

Receives After a command from a cybercriminal, the program performs its malicious functions, for example, performing network attacks on internet sites, distributing spam and other malicious programs, or deleting a user's files. Those using this type of malicious program frequently make use of botnets (networks of infected computers which cybercriminals control centrally in order to carry out malicious activities.
Read more details here: http://www.viruslist.com/en/analysis?pubid=204792003remote commands from cybercriminal:

via connection to Receives commands from cybercriminals using IRC (Internet Relay Chat). After the malicious program is launched, it calls a specific IRC server and establishes contact with the cybercriminal, receives commands and passes on messages in responseIRC server

Steals confidential user information from A malicious program designed to steal user information related to banking and electronic payment systems and bank cards. The information is sent to a cybercriminal via email, ftp, the web or other methods.
Read more details here: http://www.viruslist.com/en/analysis?pubid=204792037the following banks, financial institutions, payment systems:

  • PayPal


Other activities

Runs specific files (commands)

Deletes specific files onfrom the victim machine



Print
Bookmark and Share
Share
Trojans
Backdoor

Backdoors are designed to give malicious users remote control over an infected computer. In terms of functionality, Backdoors are similar to many administration systems designed and distributed by software developers.

These types of malicious programs make it possible to do anything the author wants on the infected computer: send and receive files, launch files or delete them, display messages, delete data, reboot the computer, etc.

The programs in this category are often used in order to unite a group of victim computers and form a botnet or zombie network. This gives malicious users centralized control over an army of infected computers which can then be used for criminal purposes.

There is also a group of Backdoors which are capable of spreading via networks and infecting other computers as Net-Worms do. The difference is that such Backdoors do not spread automatically (as Net-Worms do), but only upon a special “command” from the malicious user that controls them.


Aliases

Backdoor.Win32.Wootbot.gen (Kaspersky Lab) is also known as:

  • Virus: W32/Sdbot.worm (McAfee)
  • Mal/Krap-K (Sophos)
  • Trojan.IRCBot-2228 (ClamAV)
  • Heuristic.WinPE-Statistical (Panda)
  • W32/Wootbot.A.gen!Eldorado (FPROT)
  • Trojan:Win32/Sisproc (MS(OneCare))
  • Win32.IRC.Bot.based (DrWeb)
  • Win32/Agobot trojan (Nod32)
  • Packer.Pohernah.C (BitDef7)
  • Packed/Pohernah (VirusBuster)
  • Win32:WootBot-GS [Trj] (AVAST)
  • Backdoor.Win32.ForBot.ad (Ikarus)
  • Backdoor.Rbot.ap (AVG)
  • BDS/Backdoor.Gen (AVIRA)
  • Trojan Horse (NAV)
  • W32/SDBot.CATU (Norman)
  • BKDR_RBOT.CXV (PCCIL)
  • Backdoor.Win32.Wootbot.ei (Rising)
  • Backdoor.Win32.Wootbot.gen [AVP] (FSecure)
  • BKDR_RBOT.CXV (TrendMicro)
  • Trojan.Win32.Generic!BT (Sunbelt)
  • Packed/Pohernah (VirusBusterBeta)

© 1997-2010 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.

kaspersky.com

Products

eStore

Threats

Downloads

Support

Partners

About Us

Search

securelist.com

Threats

Analysis

Blog

Descriptions

Glossary

RSS feeds

Contacts

Search