Weekly Virus Report - Look at 3 Trojans and 2 Slapper Versions
Posted on 27.09.2002
This week's virus report looks at three Trojans and two variants of Linux/Slapper.

The first Trojan we will look at today is Bck/RBackdoor, which, by default, opens communication port 4820 and assigns the password "redkod" to communications. When Bck/RBackdoor reaches a computer, it goes memory resident and waits for a connection to be established via Telnet or a similar program. Furthermore, Bck/RBackdoor inserts an entry in the affected computer's Windows Registry to ensure it is run every time Windows starts up, and saves a file containing the Trojan's code to the system.

The second Trojan is Trj/Nidra, which modifies the system configuration so that it activates every time a file with an EXE or TXT extension is run. When Trj/Nidra activates, it creates a process in memory which might cause affected computers to slow down. Finally, it saves two copies of itself (NOTEPAD.EXE and WINNDOW386.EXE) to the Windows system directory.

Trj/Nidra modifies several Windows Registry entries and creates others in order to ensure it is run every time the system is started up. Once Trj/Nidra has carried out its actions, it displays a message on screen.

The last Trojan we will deal with today is Inwi (Trj/Inwi), which, like the previous one, makes changes to the system to ensure that it is run every time a file with an .EXE or .TXT extension is opened. This Trojan also creates several files on the computer, including copies of itself, in order to steal data from the affected computer and send it to a certain e-mail address. Finally, the Trojan changes the Internet Explorer settings, including the default URL.

We will finish today's report with two variants (B and C) of Linux/Slapper, which appeared at the beginning of this week. Like their predecessor, these two new worms use a known buffer overflow vulnerability in the OpenSSL component of Apache Web servers installed on certain Linux distributions (some versions of Mandrake, SuSE, Slackware, Red Hat, Debian and Gentoo). However, they differ from Linux/Slapper in the UDP port number they use to carry out attacks on affected computers (Linux/Slapper.B uses UDP port 1978 and Linux/Slapper.C uses UDP port 4156), and in the Linux distributions subject to infection.
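The ports named in this report can be checked against a host's socket table. The following is an added example, not part of the original report: it parses `netstat -an` output in both Windows and Linux layouts and flags sockets bound to the reported ports. The function name and the sample output are constructed for illustration, and TCP is assumed for port 4820 because the report describes a Telnet connection.

```python
import re

# Ports named in the report: (protocol, port) -> malware name.
# TCP for 4820 is an assumption based on the Telnet connection described.
REPORTED_PORTS = {
    ("tcp", 4820): "Bck/RBackdoor (default port)",
    ("udp", 1978): "Linux/Slapper.B",
    ("udp", 4156): "Linux/Slapper.C",
}

# Protocol and local-address columns of `netstat -an`, Windows or Linux.
# Linux rows carry two extra numeric columns (Recv-Q, Send-Q) first.
LINE_RE = re.compile(
    r"^\s*(?P<proto>tcp|udp)6?\s+(?:\d+\s+\d+\s+)?"
    r"(?P<local>\S+):(?P<port>\d+)\s+(?P<rest>.*)$",
    re.IGNORECASE,
)

def find_reported_listeners(netstat_text):
    """Return sorted (proto, port, name) for sockets bound to reported ports."""
    hits = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or unrelated line
        proto = m.group("proto").lower()
        port = int(m.group("port"))
        # TCP rows count only in the listening state, so an outbound
        # connection with a matching source port is not flagged.
        # UDP has no state column: any bound socket counts.
        if proto == "tcp" and "LISTEN" not in m.group("rest").upper():
            continue
        name = REPORTED_PORTS.get((proto, port))
        if name:
            hits.add((proto, port, name))
    return sorted(hits)

# Constructed sample output mixing Windows and Linux row formats.
SAMPLE = """\
  TCP    0.0.0.0:135      0.0.0.0:0        LISTENING
  TCP    0.0.0.0:4820     0.0.0.0:0        LISTENING
  TCP    10.0.0.5:4820    10.0.0.9:80      ESTABLISHED
tcp        0      0 0.0.0.0:443      0.0.0.0:*     LISTEN
udp        0      0 0.0.0.0:1978     0.0.0.0:*
udp6       0      0 :::4156          :::*
"""

if __name__ == "__main__":
    for proto, port, name in find_reported_listeners(SAMPLE):
        print(f"{proto}/{port}: matches port reported for {name}")
```

Port 4820 is only the Trojan's default, so a clean result does not rule out Bck/RBackdoor, and a match is a lead to investigate rather than proof of infection.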





Copyright 1998-2014 by Help Net Security.