TCP_BackOrifice 2000 Inbound Traffic


Code: p352

Severity: Warning


Description: BackOrifice is a Trojan Horse.
Server Port: 31337, although in later versions this port can be changed to a value between 1 and 65535.
Protocol: UDP, although in later versions TCP can also be used.
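The detection this signature describes, written out as an added example that is not part of the original signature entry: it scans constructed firewall-style log lines and raises a p352 alert for inbound TCP or UDP traffic to the default BackOrifice port 31337. The log line format, the internal address ranges and the sample lines are assumptions made for this example; because later versions can move the server port, a port match only covers the default configuration.

```python
import ipaddress
import re

# Constructed sample firewall log lines (not real traffic), in an assumed
# "proto src:sport -> dst:dport" layout used only for this example.
SAMPLE_LOG = """\
tcp 203.0.113.7:51514 -> 192.168.1.20:31337
udp 198.51.100.9:31337 -> 192.168.1.21:31337
tcp 192.168.1.20:40000 -> 203.0.113.7:31337
tcp 203.0.113.8:4242 -> 192.168.1.22:443
udp 203.0.113.9:1234 -> 10.0.0.5:31337
"""

# Address ranges treated as "inside" the monitored network (hypothetical values).
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24"),
                 ipaddress.ip_network("10.0.0.0/8")]

# Signature p352 as described: default server port 31337; UDP originally,
# TCP in later versions, so both protocols are matched.
BO_PORT = 31337
BO_PROTOS = {"tcp", "udp"}

LINE_RE = re.compile(
    r"^(?P<proto>\w+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$")


def is_internal(addr):
    """True if the address falls inside one of the internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def match_backorifice(line):
    """Return an alert dict for inbound traffic to the BO default port, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unparseable line: ignore rather than guess
    proto = m["proto"].lower()
    dport = int(m["dport"])
    # Inbound means the destination is internal and the source is external;
    # an internal host talking out to 31337 is not this signature.
    if (proto in BO_PROTOS and dport == BO_PORT
            and is_internal(m["dst"]) and not is_internal(m["src"])):
        return {"code": "p352", "severity": "Warning", "proto": proto,
                "src": m["src"], "dst": m["dst"]}
    return None


def scan(log_text):
    """Run the signature over every line and collect the alerts."""
    return [a for a in (match_backorifice(l) for l in log_text.splitlines()) if a]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```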

Impact: Possible theft of data and control of the targeted machine leading to a compromise of all resources the machine is connected to. This Trojan also has the ability to delete data, steal passwords and disable the machine.

Corrective: Edit the system registry to remove the extra keys, or restore a previously known good copy of the registry. Affected registry keys are:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
The registry keys added may vary; look for spurious entries in the above locations. BackOrifice may hide its process from view in the Windows Task Manager. A reboot of the infected machine is recommended.