Backdoor.SubSeven is a Trojan horse, similar to Netbus or Back Orifice. It enables unauthorized people to access your computer over the Internet without your knowledge. When the server portion of the program is running on a computer, it is possible for the person who is accessing the computer remotely to do the following:
· Set it up as an FTP server
· Browse files on that system
· Take screen shots
· Capture real-time screen information
· Open and close programs
· Edit information in currently running programs
· Show pop-up messages and dialog boxes
· Hang up a dial-up connection
· Restart a computer remotely
· Open the CD-ROM
· Edit registry information
When it is run, BackDoor.Subseven makes the following changes to the system:
· Drops (adds) a copy of itself and a randomly named executable file, such as Eutccec.exe, to the \Windows or \Windows\System folder.
· Adds the dropped file to the load= and run= lines of the Win.ini file.
· Adds the dropped file name to the shell=explorer.exe line of the System.ini file.
· Creates the WinLoader value and sets it equal to the dropped file name in the following registry keys.
· Modifies the (Default) value from "%1" %* to, for example, eutccec.exe "%1" %* in the following registry keys:
HKEY_LOCAL_MACHINE\Software\Classes\
exefile\shell\open\command
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Run
Monday, January 18, 2010
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment