thedark Second Lieutenant
Joined: 30 Jul 2005
Posts: 1074
Posted: Sat Jul 30, 2005 2:37 pm Post subject: Backdoor.Win32.Nanspy.f
This backdoor program is written in Delphi, and packed using UPX. The file is 211520 bytes in size.
The backdoor copies itself to the system directory as spools.exe. It registers this file in the system registry to ensure that the program is launched each time Windows is rebooted.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spools Service Controller" = "C:\WINNT\System32\spools.exe"
The backdoor opens two randomly chosen ports and waits for commands from the remote malicious user. Commands can be used to create files, download them from the Internet, reboot the infected computer, conduct DoS attacks using the victim machine, connect to an IRC server as a bot etc.
The backdoor can also function as a proxy server; this function is activated by a command from the remote malicious user.
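A defender-side check for the persistence indicators given in the post (the Run value name, the spools.exe file name and the 211520-byte size), added here as an example rather than anything from the original post or the antivirus vendor. It parses a constructed `reg export` of the autorun keys offline and also covers RunOnce, so `SAMPLE_REG_EXPORT`, `SAMPLE_FILE_SIZES` and the function names are assumptions standing in for a live query of the host.

```python
import re

# Indicators quoted from the description above (added illustration, not the post's code).
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VALUE_NAME = "Spools Service Controller"
FILE_NAME = "spools.exe"
FILE_SIZE = 211520
# Constructed `reg export` of the autorun keys; .reg files double backslashes in data.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware Tools"="C:\\Program Files\\VMware\\VMware Tools\\VMwareTray.exe"
"Spools Service Controller"="C:\\WINNT\\System32\\spools.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Updater"="C:\\WINNT\\System32\\spools.exe"
"""
# Constructed file sizes standing in for os.path.getsize() on the host.
SAMPLE_FILE_SIZES = {r"C:\WINNT\System32\spools.exe": 211520}
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Return {key: {value_name: data}} for the string values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and (m := _VALUE_RE.match(line)):
            name, data = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())  # undo \\ and \" escapes
            keys[current][name] = data
    return keys

def scan_run_keys(reg_text, file_sizes):
    """Flag Run/RunOnce entries matching the Nanspy.f indicators as (key, name, reasons)."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        if not key.lower().startswith(RUN_KEY.lower()):  # Run, RunOnce, ...
            continue
        for name, path in values.items():
            reasons = []
            if name == VALUE_NAME:
                reasons.append("value name matches")
            if path.lower().rsplit("\\", 1)[-1] == FILE_NAME:
                reasons.append("launches " + FILE_NAME)
                if file_sizes.get(path) == FILE_SIZE:
                    reasons.append("file size %d matches" % FILE_SIZE)
            if reasons:
                findings.append((key, name, reasons))
    return findings
```

On a real host the same logic would be fed the output of `reg export` for the Run keys and `os.path.getsize()` of each launched path; a hit on the value name alone is still worth triage, since the file size changes with repacking.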