|
|
Backdoor.Cabrotor.10. Viruses Information
| Name: |
Backdoor.Cabrotor.10. |
| Category: |
Viruses |
| Description:
|
Details
Backdoor.Cabrotor.10.a
Cabrotor is backdoor trojan program (it is a hidden remote control trojan). The trojan itself is a Windows PE EXE file written in Delphi.
The original trojan package contains three main executable files:
CaBrONaToR.exe - client to send commands to remote server
CaBrONeDiT.exe - server editor to modify default server settings
8======D.exe - server (trojan itself)
When run the backdoor code copies itself to the Windows directory and registers itself in the system registry in the auto-run section. In different backdoor versions the backdoor EXE name and registry keys are different. The known variant has:
EXE name:
ASDAPI.EXE
The registry key entries it makes are:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun HKLMSoftwareMicrosoftWindowsCurrentVersionRunServices
Key name:
LoadPowerProfile
The trojan then opens a connection to its master's IRC channel and waits for its master's commands.
The backdoor program performs following commands:
reports computer info (Windows version, CPU type, UserName, CompanyName e.t.c.)
open/closes CD drive
reports directories and file names in there
runs a local file or executes a command
sends information: RAS, MS Messenger and .NET services
exits Windows - downloads a requested file
performs DoS attack to requested victim address
terminates itself
|
Top Viruses Visited Pages:
Invader. - 231 visits
not-a-virus:RiskWare.Tool.RegPatch. - 69 visits
Worm.P2P.Harex. - 63 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 55 visits
Small.58. - 55 visits
Coito.64 - 53 visits
I-Worm.Mapson. - 45 visits
Win32.Hidra - 41 visits
Win16.Klon.1177 - 40 visits
Marine.500 - 34 visits
Random Viruses Pages:
Freddy.227
AngryBoy.213
I-Worm.Rasta
DSME.Connie.270
Lemming.202
TPVO.334
Urfin.31
Search.30
Win95.Bumble.173
Macro.Word97.Afet
|
|
