| Description:
|
Details
Backdoor.Tripod
This backdoor program obtains a file from the Internet and spawns it on a victim's machine in hidden mode. Upon being run, the backdoor copies itself to Wthe indows system directory with the IESTUB32.EXE name and registers itself in system registry in the auto-run section:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
It then, depending on the current date, loads the file WELCOME.GIF from http://members.tripod.com Web site, stores it in the Windows temporary directory with the UNINST32.EXE name and spawns it. The UNINST32.EXE program's behavior is unknown and depends only on a backdoor author's needs. |
