OpenBCM V1.13 (Linux)

Packet Radio Mailbox

DB0FHN

[JN59NK Nuernberg]

 Login: GUEST





  
M1CUK  > INFO     13.12.02 03:51l 90 Lines 2441 Bytes #999 (0) @ WW
BID : 822795M1CUK
Read: DB0FHN GUEST
Subj: virus info / update
Path: DB0FHN<DB0ZWI<DB0CHZ<DB0ERF<DB0FBB<DB0GOS<DB0ACC<ON0RAT<ON5VL<LX0HST<
      HA3PG<ON0BEL<GB7FCR
Sent: 021207/0150Z @:GB7FCR.#16.GBR.EU #:32523 [Blackpool] FBB-7.03a $:822795M1
From: M1CUK@GB7FCR.#16.GBR.EU
To  : INFO@WW


Backdoor Trojan - TROJ_FLOOD.BI.DR 

TROJ_FLOOD.BI.DR is a backdoor Trojan package that drops and installs a
multi-component backdoor in the System directory. 

The dropped multi-component backdoor allows malicious users to remotely
take control of infected systems.

This backdoor package can force infected systems to behave as FTP servers,
allowing remote users to upload and download files to and from infected
machines. 

It also contains IRC scripts that may be used to launch a Distributed
Denial of Service (DDoS) attack. With the scripts installed, malicious
users can manipulate infected systems into flooding certain targets within
IRC by continuously pinging these targets.

This Trojan arrives as an Installation/Setup program, and runs on Windows
9x, ME, 2000, and XP. Upon execution, it creates the folder, STDE9, in the
Windows system directory and then drops the following files in the created
folder: 

      SVCHOST32.EXE 
      BOOTDRV.DLL
      EXPLORE.DAT
      EXPLORER.EXE
      EXPLORE.EXE
      IISCACHE.DLL
      WEB.SWF
      LIBPARSE.EXE
      NAVDB.DBX
      PSEXEC.EXE
      RCFG.INI
      RCONNECT.EXE
      RCONNECT.CONF
      STR.VXD
      SECURE.BAT
      V32DRIVER.BAT 

It then creates the folder, www, in STDE9. The following files, which are
dropped in the www folder, are IRC scripts that allow sharing of files via
mIRC: 


      www\MDX.DLL
      www\MOO.DLL
      www\VIEWS.MDX
      www\WEBSERV.MRC
      www\HTDOCS
      www\htdocs\README.HTM
      www\htdocs\SHIK.GIF
      www\WWWLOGS 

This Trojan dropper also creates a registry entry so that one of its
dropped files, EXPLORER.EXE, automatically executes at every Windows
startup.

-----------------------------------------------------------------------

10 Most Prevalent In-the-Wild Malware 
(week of: November 25, 2002 to December 1, 2002)

  1. WORM_KLEZ.H
  2. WORM_BUGBEAR.A
  3. WORM_OPASERV.A
  4. WORM_OPASERV.E
  5. WORM_OPASERV.F
  6. WORM_OPASERV.G
  7. WORM_OPASERV.H
  8. JS_EXCEPTION.GEN
  9. PE_FUNLOVE.4099
  10. WORM_OPASERV.D

-----------------------------------------------------------------------


73's 
    Trev,
    SysOp GB7FCR 
    E-Mail trev@gb7fcr.co.uk	
    Web Site http://www.gb7fcr.co.uk
    AX25 - tcp/ip - Telnet - axip - RF & Internet Linked System's
    Message timed: 00:51 on 07 Dec 02
    Message sent using WinPack-Telnet V6.80
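
Added example, not part of the original bulletin: a Python triage check that looks under a given system directory for the STDE9 folder and the dropped file names listed above. The function names and the constructed sample tree are assumptions made for illustration; the registry entry is not checked because the bulletin does not name the key.

```python
import os
# Names copied from the bulletin's drop lists; compared case-insensitively.
STDE9_FILES = {
    "SVCHOST32.EXE", "BOOTDRV.DLL", "EXPLORE.DAT", "EXPLORER.EXE",
    "EXPLORE.EXE", "IISCACHE.DLL", "WEB.SWF", "LIBPARSE.EXE", "NAVDB.DBX",
    "PSEXEC.EXE", "RCFG.INI", "RCONNECT.EXE", "RCONNECT.CONF", "STR.VXD",
    "SECURE.BAT", "V32DRIVER.BAT",
}
WWW_ENTRIES = {"MDX.DLL", "MOO.DLL", "VIEWS.MDX", "WEBSERV.MRC", "HTDOCS", "WWWLOGS"}
HTDOCS_FILES = {"README.HTM", "SHIK.GIF"}

def _entries(directory):
    """List a directory, returning [] if it is missing or unreadable."""
    try:
        return os.listdir(directory) if directory else []
    except OSError:
        return []

def _child_dir(parent, name):
    """Find a sub-directory by case-insensitive name; None if absent."""
    for entry in _entries(parent):
        path = os.path.join(parent, entry)
        if entry.upper() == name.upper() and os.path.isdir(path):
            return path
    return None

def _hits(directory, expected):
    return sorted(e.upper() for e in _entries(directory) if e.upper() in expected)

def scan_system_dir(system_dir):
    """Report which artefacts named in the bulletin exist under system_dir."""
    # Match only inside STDE9: EXPLORER.EXE and PSEXEC.EXE are also legitimate names elsewhere.
    stde9 = _child_dir(system_dir, "STDE9")
    www = _child_dir(stde9, "www")
    htdocs = _child_dir(www, "htdocs")
    report = {
        "stde9_present": stde9 is not None,
        "stde9_files": _hits(stde9, STDE9_FILES),
        "www_entries": _hits(www, WWW_ENTRIES),
        "htdocs_files": _hits(htdocs, HTDOCS_FILES),
    }
    report["matched"] = sum(len(report[k]) for k in ("stde9_files", "www_entries", "htdocs_files"))
    return report

def build_constructed_sample(root):
    """Create a constructed, partial footprint under root for a dry run."""
    os.makedirs(os.path.join(root, "stde9", "www", "htdocs"))
    for rel in ("explorer.exe", "Rcfg.ini", "notes.txt", "www/WEBSERV.MRC", "www/htdocs/readme.htm"):
        open(os.path.join(root, "stde9", *rel.split("/")), "w").close()
```

Call `scan_system_dir` with the Windows system directory of the machine or mounted disk image being examined; `build_constructed_sample` only creates empty placeholder files for testing the check.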
    

