- Malware Type: Trojan
- Malware Sub-type: Remote Access
- Protection Added: 2010-04-21
When the server component is executed on the victim's machine, the malware opens a preconfigured port and waits for an incoming connection from the attacker.
The malware also sends the attacker a notification containing the victim's IP address and the port on which the malware is listening. With this information, the attacker can connect to the victim remotely using the client component.
Server Editor Component:
The server editor component is used by the attacker to create or edit the server component.
The following are some of the functions available in the server editor component:
- Change the filename of the server component
- Choose from a range of notification methods (email, FTP, etc.), used to tell the attacker the victim's name and IP address so the attacker can connect to the victim remotely
- Change the port number on which the Trojan listens for incoming connections
- Choose a startup method, so the malware executes automatically when the machine is rebooted
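The two server-side traits described above (a fixed listening port chosen in the editor, plus an autostart entry so the server survives a reboot) are what a defender can key on. The following is an added example, not McAfee/AVERT code and not part of the original page: it parses Windows `netstat -ano` output together with a process list and Run-key entries and flags any process that both listens on an unexpected TCP port and is registered to autostart. The netstat lines, process paths, Run-key values and the list of expected ports are all constructed for the example; the port list in particular is an assumption to be tuned per environment.

```python
"""Hunt for a bind-port RAT of the kind described above.

Added example (not McAfee/AVERT code). It keys only on behaviour the
description states: the server component listens on a preconfigured TCP
port and is registered to start automatically at reboot. All sample data
below is constructed for the example, not taken from a real host.
"""
import re
from dataclasses import dataclass

# Assumption for this example: ports a workstation is expected to listen on.
# Anything else is treated as unusual. Tune this per environment.
EXPECTED_LISTEN_PORTS = {135, 139, 445, 3389, 5357}

# Constructed sample of `netstat -ano` output (Windows), PID in the last column.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5150           0.0.0.0:0              LISTENING       3404
  TCP    192.168.1.20:49712     40.77.226.250:443      ESTABLISHED     2280
  UDP    0.0.0.0:5355           *:*                                    1348
"""

# Constructed sample mapping PID -> image path, as a process listing would give.
SAMPLE_PROCESSES = {
    912: r"C:\Windows\System32\svchost.exe",
    4: "System",
    3404: r"C:\Users\alice\AppData\Roaming\winupdate.exe",
    2280: r"C:\Program Files\Mozilla Firefox\firefox.exe",
    1348: r"C:\Windows\System32\svchost.exe",
}

# Constructed sample of HKCU\...\CurrentVersion\Run values (name -> command).
SAMPLE_RUN_KEYS = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "WinUpdate": r"C:\Users\alice\AppData\Roaming\winupdate.exe",
}

# Matches only TCP sockets in LISTENING state; IPv4 or bracketed IPv6 addresses.
NETSTAT_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    pid: int


def parse_listeners(netstat_text):
    """Return the TCP LISTENING sockets found in netstat -ano output."""
    listeners = []
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            listeners.append(Listener(m.group(1), int(m.group(2)), int(m.group(3))))
    return listeners


def autostart_images(run_keys):
    """Reduce each Run-key command line to the executable it launches (lower-cased)."""
    images = set()
    for cmd in run_keys.values():
        cmd = cmd.strip()
        if cmd.startswith('"'):
            exe = cmd[1:cmd.index('"', 1)]   # quoted path, drop the arguments
        else:
            exe = cmd.split(" ", 1)[0]       # unquoted path, drop the arguments
        images.add(exe.lower())
    return images


def find_suspects(netstat_text, processes, run_keys, expected_ports=EXPECTED_LISTEN_PORTS):
    """Return (pid, image, port) for processes that listen on an unexpected
    port AND are registered to autostart: the combination the server editor
    configures for this Trojan."""
    autostart = autostart_images(run_keys)
    suspects = []
    for l in parse_listeners(netstat_text):
        if l.port in expected_ports:
            continue
        image = processes.get(l.pid, "<unknown>")
        if image.lower() in autostart:
            suspects.append((l.pid, image, l.port))
    return suspects


if __name__ == "__main__":
    for pid, image, port in find_suspects(SAMPLE_NETSTAT, SAMPLE_PROCESSES, SAMPLE_RUN_KEYS):
        print(f"pid {pid} ({image}) listens on TCP {port} and is registered to autostart")
```

Because the server editor lets the attacker rename the file and pick any port, neither the filename nor the port number alone is a stable indicator; the pairing of an unexpected listener with an autostart entry is more robust. The notification the server sends out (email, FTP) is a second hook worth watching for at the egress point: an SMTP or FTP connection originating from a process that has no business making one.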
Given below are some screenshots of the server editor component:
Client Component:
The client component runs on the attacker's computer and connects remotely to the server component on the victim's machine.
The following are some of the functions available to the attacker:
- Process Manager (List, kill running processes)
- File Manager (List, upload, download, delete)
- Open a chat box and chat with the victim
- Pranks played on the victim (opening and closing the CD-ROM tray, playing videos/sounds)
- Read/modify the contents of the clipboard
- Log off, reboot or shut down the machine
Given below is a screenshot of the client component of the remote access trojan:
A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Distribution channels include IRC, peer-to-peer networks, email, newsgroups postings, etc.