| 1.Summary:
Satans Backdoor is a Trojan Horse capable of stealing
passwords. This
event is generated when an infected machine replies to the
attackers
connection attempt.
2.Impact:
Possible theft of data and passwords.
3.Detailed Information:
This Trojan affects the following operating systems:
Windows 95
Windows 98
Windows ME
Windows NT
Windows 2000
The Trojan server always communcates via port 666 and cannot be
changed
by the attacker. The server portion itself is named
winvmm32.exe, this
also cannot be changed. The main purpose of this Trojan is
password
stealing thus presenting the attacker with access to other
machines and
possible further compromise of data.
4.Attack Scenarios:
This Trojan may be delivered to the target in a number of
ways. This
event is indicative of an existing infection being activated.
Initial
compromise can be in the form of a Win32 installation program
that may
use the extension ".jpg" or ".bmp" when delivered via e-mail for
example.
5.Ease of Attack:
This is Trojan activity, the target machine may already be
compromised.
Updated virus definition files are essential in detecting this
Trojan.
The Trojan server is located called winvmm32.exe.
6.Corrective Action:
Delete the file winvmm32.exe.
Kill the process winvmm32.exe. |
