This page shows details and results of our analysis on the malware Backdoor-DKT


Threat Detail

  • Malware Type: Trojan
  • Malware Sub-type: Remote Access
  • Protection Added: 2007-02-02

-- Update February 2, 2007--
This threat is considered to be a Low-Profiled risk due to media attention at:

An EXTRA.DAT for Backdoor-DKT is currently available via the Extra.dat Request Page.

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc. In this case the trojan is downloaded when the MS07-004 vulnerability is exploited against a browser visiting the compromised Super Bowl web page (the Dolphin Stadium website).

Malware Proliferation

This backdoor is a trojan dropped by a Generic Dropper malware. The original malware was hidden on a web page of the Super Bowl venue (the Dolphin Stadium website). An injected iframe on that page silently loaded a second website, which attempted to exploit the MS07-004 vulnerability and download the dropper component.
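The injected iframe described above is the part of the chain a web administrator can check for directly. The following triage script is an added example (not AVERT's code and not part of the original description): it parses a page and flags any iframe that points off-site, is sized to zero or one pixel, or is hidden by inline style, the usual signs of a redirector inserted by an attacker. The sample page and the host names in it are constructed for illustration.

```python
"""Triage check for injected <iframe> redirectors on a web page.

Added example; the page content and host names below are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # HTMLParser lowercases attribute names; values may be None.
            self.iframes.append({k: (v or "") for k, v in attrs})


def _is_tiny(value):
    """True for width/height values of 0 or 1 (with or without 'px')."""
    v = value.strip().lower().rstrip("px")
    return v.isdigit() and int(v) <= 1


def _style_hides(style):
    """True if an inline style collapses or hides the frame."""
    s = style.replace(" ", "").lower()
    return ("display:none" in s or "visibility:hidden" in s
            or "width:0" in s or "height:0" in s)


def find_suspicious_iframes(html, site_host):
    """Return a list of findings, one per iframe that shows a redirector trait.

    site_host is the host the page legitimately belongs to; a relative src is
    treated as on-site, anything else is compared against it.
    """
    parser = _IframeCollector()
    parser.feed(html)
    findings = []
    for frame in parser.iframes:
        src = frame.get("src", "")
        host = urlparse(src).hostname or site_host
        reasons = []
        if host.lower() != site_host.lower():
            reasons.append("external-host")
        if _is_tiny(frame.get("width", "")) or _is_tiny(frame.get("height", "")):
            reasons.append("zero-size")
        if _style_hides(frame.get("style", "")):
            reasons.append("hidden-style")
        if reasons:
            findings.append({"src": src, "host": host, "reasons": reasons})
    return findings


# Constructed sample: a legitimate on-site frame plus an injected hidden one.
SAMPLE_PAGE = """<html><body>
<h1>Stadium events</h1>
<iframe src="/schedule/frame.html" width="600" height="400"></iframe>
<iframe src="http://redirector.example/w.htm" width="0" height="0"
        style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in find_suspicious_iframes(SAMPLE_PAGE, "www.stadium.example"):
        print(finding)
```

Run it against a saved copy of the page (for example the output of a fetch with the site's own host name passed as site_host); a frame that is both off-site and hidden is the pattern to investigate first, since a legitimate embed rarely needs to be invisible.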

When the dropper runs it installs the backdoor as a Windows service named MSMSGS.EXE (also written MSMGS.EXE), with the file's company name spoofed as "Kaspersky Lab" so that it passes for a legitimate security product.
The backdoor contacts a remote website to fetch instructions and expects one of the following responses:
- insert OK
- update OK
These acknowledgements let it send collected information to the remote site and update itself.
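The two fixed acknowledgement strings above are a usable network indicator: a host that repeatedly receives an HTTP body consisting of nothing but "insert OK" or "update OK" from the same site is worth pulling for the service described above. The script below is an added example (not AVERT's code) that runs that check over captured HTTP responses. The log format and the sample lines are constructed for illustration; adapt parse_record to whatever your proxy or sensor emits.

```python
"""Flag Backdoor-DKT style check-in acknowledgements in HTTP response logs.

Added example; the pipe-delimited log format and the sample lines below are
constructed, not a real product format.
"""
from collections import defaultdict

# Exact response bodies the backdoor waits for (per the description above).
CHECKIN_RESPONSES = {"insert OK", "update OK"}


def parse_record(line):
    """Parse one constructed log line: ts|client|host|uri|status|body."""
    ts, client, host, uri, status, body = line.rstrip("\n").split("|", 5)
    return {"ts": ts, "client": client, "host": host, "uri": uri,
            "status": int(status), "body": body}


def is_checkin_response(body):
    """True only when the whole body is one of the acknowledgement strings."""
    return body.strip() in CHECKIN_RESPONSES


def find_checkins(lines):
    """Group matching responses by (client, server host).

    Returns a dict keyed by (client, host) with the number of hits, the
    distinct acknowledgement strings seen and the URIs that returned them.
    """
    hits = defaultdict(lambda: {"count": 0, "responses": set(), "uris": set()})
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        rec = parse_record(line)
        if rec["status"] == 200 and is_checkin_response(rec["body"]):
            key = (rec["client"], rec["host"])
            hits[key]["count"] += 1
            hits[key]["responses"].add(rec["body"].strip())
            hits[key]["uris"].add(rec["uri"])
    # Sort the sets so the result is deterministic and easy to report.
    return {k: {"count": v["count"],
                "responses": sorted(v["responses"]),
                "uris": sorted(v["uris"])}
            for k, v in hits.items()}


# Constructed sample log: one client polling a command server, plus benign
# traffic that contains the substring "OK" but must not match.
SAMPLE_LOG = """\
# ts|client|host|uri|status|body
2007-02-02T10:00:01|10.0.0.7|www.stadium.example|/index.html|200|<html><head><title>Stadium
2007-02-02T10:00:05|10.0.0.7|c2.example|/cmd.php?id=0a1b|200|insert OK
2007-02-02T10:05:05|10.0.0.7|c2.example|/cmd.php?id=0a1b|200|update OK
2007-02-02T10:05:07|10.0.0.9|www.stadium.example|/news/ok.html|200|Everything is OK
2007-02-02T10:10:05|10.0.0.7|c2.example|/cmd.php?id=0a1b|200|insert OK
"""

if __name__ == "__main__":
    for (client, host), info in find_checkins(SAMPLE_LOG.splitlines()).items():
        print(f"{client} -> {host}: {info['count']} check-ins, "
              f"responses={info['responses']}, uris={info['uris']}")
```

Matching on the whole body rather than a substring is deliberate: "OK" on its own appears in ordinary pages, while a 200 response whose entire content is "insert OK" has no legitimate reason to recur at fixed intervals from one workstation.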

This variant is dropped by Generic Dropper.p, which is itself downloaded through exploitation of MS07-004, triggered by visiting a specially crafted web page.

A combination of the latest DATs and the Engine will detect and remove this threat. Because this threat arrives through a browser exploit rather than a file the user chooses to run, applying the MS07-004 update is the primary preventive step. AVERT also recommends that users not trust seemingly familiar or safe file icons, particularly when files are received via P2P clients, IRC, email or other media where users share files.