Anyone Looking for Backdoors?

I got one for you

By Bogdan Popa, Security and Search Engines Editor

14th of January 2008, 19:06 GMT

In case you're one of those who analyzed the new year and observed that 2008 hadn't brought us any backdoor, I've got one for you: BKDR_ASPROX.B is an infection affecting most Windows versions, including 98, ME, NT, 2000, XP and Server 2003. What's worse is that it has a high damage potential, meaning that it can seriously damage the data stored on your computer. You'll understand why in the next few lines. First of all, let's see how you can get infected. According to security vendor Trend Micro, the backdoor can be dropped by other malware, but it can also be deployed when a vulnerable user visits a malicious website.

The infection process starts with the opening of port 80, which the backdoor then uses to act as an HTTP proxy, Trend Micro explained. "It then connects to certain sites, and retrieves the connection time for each."

BKDR_ASPROX.B seems to have multiple purposes because, besides acting as an HTTP proxy server, it also gathers e-mail addresses from the affected computer. This is probably done for spamming purposes, because these addresses can later be used for sending unsolicited messages. Trend Micro notes that all the stolen addresses have to 'satisfy certain conditions', so it probably targets free e-mail services such as Google and Yahoo. We've seen this in the past, so it's probably the same type of e-mail gathering process.

"It uploads specific information to the above-mentioned Web sites, using an HTTP POST command. This backdoor also allows a remote malicious user to perform commands on the affected system", Trend Micro added. "It also retrieves commands and updates from the said sites, by parsing the HTTP page being returned by the server during upload of stolen information. The returned HTTP page is obfuscated. It searches the registry for FTP hosts, user accounts, and passwords."

In case you're a vulnerable user, it may be difficult to remove the infection. So, if you want to remain on the safe side, hurry up and update your antivirus solution with the latest virus definitions released by its vendor.

© Copyright 2001-2009 Softpedia