Backdoor.Win32.Death.18 (Kaspersky Lab)
is also known as:
Backdoor.Death.18 (Kaspersky Lab),
BackDoor-FP (McAfee), Backdoor.Trojan (Symantec), Backdoor:Win32/Death.1_8 (RAV), TROJ_DEATH (Trend Micro), BackDoor.Death (Grisoft)
Description added: Sep 04 2002
Behavior: Backdoor
Backdoor.Death is a family of Trojan horse programs that give attackers remote,
anonymous access to victim computers and let them steal user passwords.
Backdoor.Death has three components: a server, a client, and a set-up utility
used to configure the server component.
Set-up Utility
This utility lets the attacker(s) controlling the backdoor configure the server
to their requirements. For example, they can change the name of the server file,
choose how the server registers itself in the system, choose the icon of the
server file, have stolen passwords sent by email, alter firewall settings (if the
victim computer has a firewall installed), and more.
Server Component
When the server component is run, it copies its code to the system directory
according to the settings chosen in the set-up utility. The server then registers
itself either in the system registry or in the system.ini or win.ini files, so
that its code is run every time the operating system boots or reboots.
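A check a practitioner would want after reading this: the persistence points named above (the registry Run keys and the run=/load= and shell= lines of win.ini and system.ini) can be audited offline from copies of the files taken off a suspect machine. The following Python script is an added example written for this page, not code from Kaspersky or from the Backdoor.Death package. The default values it treats as clean, the Run-key paths it checks, the baseline value name SysTray, and the sample infected files (including the file name wincfg32.exe) are assumptions and constructed data for illustration, not indicators from the description.

```python
"""Audit the legacy autorun points that a Backdoor.Death-style server uses to
survive a reboot: the Run keys in the registry and the run=/load= and shell=
lines in win.ini and system.ini. Inputs are text (an exported .reg file and
the two .ini files) so the check can be run offline against copies of the
files taken from a suspect machine.

All sample data below is constructed for this example; wincfg32.exe is a
hypothetical file name, not an indicator from the Backdoor.Death description.
"""
import re

# Default (clean) values for the .ini autorun entries. A real baseline should
# be taken from a known-clean machine of the same Windows build (assumption).
INI_CHECKS = {
    "win.ini":    {("windows", "run"): {""}, ("windows", "load"): {""}},
    "system.ini": {("boot", "shell"): {"explorer.exe"}},
}
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)
# Value names in the Run keys that the baseline accounts for (case-insensitive).
KNOWN_RUN_VALUES = {"systray"}


def parse_ini(text):
    """Minimal INI/.reg parser: {section (lowercased): {name: value}}.
    configparser is avoided because real win.ini/.reg content (duplicate
    keys, quoted names, value-less lines) makes it raise."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # header lines such as REGEDIT4, or text outside a section
        name, _, value = line.partition("=")
        sections[current][name.strip()] = value.strip()
    return sections


def audit_ini(filename, text):
    """Return [(location, value)] for every .ini autorun entry that deviates
    from the default. system.ini's shell= is a classic hiding place: a backdoor
    appends itself after Explorer.exe so the desktop still starts normally."""
    findings = []
    entries = parse_ini(text)
    for (section, key), allowed in INI_CHECKS[filename].items():
        values = {k.lower(): v for k, v in entries.get(section, {}).items()}
        value = values.get(key, "")
        if value.lower() not in allowed:
            findings.append((f"{filename} [{section}] {key}=", value))
    return findings


def audit_reg_export(text):
    """Return [(key\\name, data)] for Run-key values not in the baseline.
    A .reg export is INI-shaped: [full key path] followed by "name"="data",
    with backslashes inside data doubled."""
    findings = []
    entries = parse_ini(text)
    for key in RUN_KEYS:
        for name, data in entries.get(key.lower(), {}).items():
            name = name.strip('"')
            if name.lower() not in KNOWN_RUN_VALUES:
                data = data.strip('"').replace("\\\\", "\\")
                findings.append((key + "\\" + name, data))
    return findings


# Constructed sample input: an infected win.ini, system.ini and Run key export.
SAMPLE_WIN_INI = """[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\wincfg32.exe
[Desktop]
Wallpaper=(None)
"""
SAMPLE_SYSTEM_INI = """[boot]
shell=Explorer.exe C:\\WINDOWS\\SYSTEM\\wincfg32.exe
[386Enh]
device=*vmouse
"""
SAMPLE_REG = """REGEDIT4

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"SysTray"="SysTray.Exe"
"WinCfg"="C:\\\\WINDOWS\\\\SYSTEM\\\\wincfg32.exe"
"""


def run_audit(win_ini=SAMPLE_WIN_INI, system_ini=SAMPLE_SYSTEM_INI, reg=SAMPLE_REG):
    """Run all three checks and return the combined list of suspect entries."""
    return (audit_ini("win.ini", win_ini)
            + audit_ini("system.ini", system_ini)
            + audit_reg_export(reg))


if __name__ == "__main__":
    for location, value in run_audit():
        print(f"SUSPECT {location} {value}")
```

Against the constructed samples the audit reports three entries: the run= line in win.ini, the shell= line in system.ini (where the backdoor is appended after Explorer.exe), and the unknown WinCfg value under the HKLM Run key. On a real case, replace the sample strings with the contents of the files exported from the suspect machine and extend KNOWN_RUN_VALUES from a clean baseline rather than trusting the one name used here.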
The server component can detect whether other backdoors or viruses are already
active on the victim computer; if one is found, Backdoor.Death shuts it down so
that it does not interfere with updating the server components. The server can
also detect a firewall installed on the victim machine and remove the firewall's
processes from memory, so that Backdoor.Death's controllers can transfer data
over the network without being blocked or noticed.
The server component also monitors keyboard activity and records every key
pressed in a log file, which the backdoor's controller can later retrieve and
analyze. It can also steal user login and password information and send it back
to Backdoor.Death's controller(s) by email, according to the settings chosen in
the set-up utility.
When the victim computer connects to the Internet, the server component sends a
message to the site http://Idteam.org, where the attackers controlling
Backdoor.Death can register and see which infected computers are currently
reachable.
Client Component
The client component lets the attackers controlling Backdoor.Death connect to
the server component and perform actions such as:
- viewing password information cached in the system
- viewing the list of open windows
- manipulating files (copying, altering, deleting and listing them)
- taking screen shots of the desktop
- manipulating the registry
- sending messages to the victim or summoning the victim to a "chat"