Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Jan 8th, 2009, 12:28pm
   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   Sysbug.A, Psshutdown.A, Randex.BF and Dialer.CB. 		« Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: Sysbug.A, Psshutdown.A, Randex.BF and Dialer.CB.  (Read 538 times)
Ian
Stole All the Forum Stars
********



Good things come to those who wait ...

   


Posts: 2913
Sysbug.A, Psshutdown.A, Randex.BF and Dialer.CB.
« on: Dec 13th, 2003, 3:07pm »		 Quote Quote  Modify Modify
Four completely different examples of malicious code: Sysbug.A, Psshutdown.A, Randex.BF and Dialer.CB.  

Sysbug.A is a Trojan which has been massively distributed by e-mail in a message with the subject "Re[2]:Mary" and an attached file called PRIVATE.ZIP. This is a compressed file (ZIP format) which contains a file with a double extension called WENDYNAKED.JPG.EXE.
 
Sysbug.A steals confidential data from infected computers. This includes passwords for mail accounts, mail servers (SMTP and POP3), newsgroups, dial-up accounts, etc. The Trojan then saves this information to a file and sends it to a hacker. Sysbug.A also opens the TCP port 5555 waiting for the hacker's commands. It finally accesses the address finance.red-host.com and makes GET/POST requests to two Perl scripts.
 
Psshutdown.A is a hacking tool that allows a hacker to shut down or restart the victim's computer (similarly to the Unix "shutdown" command). Restarting the computer could cause loss of all the information that has not been saved. Psshutdown.A can be used by several worms and Trojans with
malicious intentions.
 
Randex.BF is a worm with Trojan features that spreads across networks. It generates random IP addresses and attempts to connect to them, using typical or easy-to-guess passwords. If it succeeds to do so, the worm copies itself to the computers it has gained access to. Randex.BF also joins the channel #goep in the IRC server opqleure.qopmafia.net waiting for remote control commands (such as Ntscan and Sysinfo).
 
Dialer.CB is a dialer that connects to the Internet and downloads files that it then saves to a directory. It also creates four files (2_INFO_PERSIST, NAVPMC.DLL, NAVPMC.EXE and UNINSTALL.EXE) in the Windows NAVPMC subfolder. In addition, Dialer.CB creates four entries in the Windows Registry.
« Last Edit: Dec 13th, 2003, 3:09pm by Ian » IP Logged
... but crap arrives pretty much straight away.
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register