Backdoor Trojan Threatens to Take Over User Computers

From: MicroWorld Technologies, Inc
Published: Mon Aug 07 2006


What if your computer boots on its own, logs on to websites that it wants, downloads harmful stuff like no one’s business, takes commands from someone in hinterland Russia and sends mails to anyone and everyone like there’s no tomorrow? Scary? Well, infection by a Backdoor Trojan named ‘Backdoor.Win32.SdBot.asr’ can lead computers into a situation like that.

Security analysts at MicroWorld Technologies report that ‘Win32.SdBot.asr’ slips into user computers via Trojan Downloaders or through manual downloads from the Internet. The Trojan Bot is a Windows PE DLL file written in C and packed with WinUpack.

‘Win32.SdBot.asr’ can execute programs, reboot the system, open files, open webpages in the default browser of the host, download files, launch and manage a Proxy Server on the victim machine, redirect information sent to a local port towards a remote port and send out system information to the remote attacker. The backdoor will also log on to specific websites to update, upgrade and mutate towards better capabilities.

“Backdoor Trojans often come bundled with programs, games and utilities that pretend to be safe and legitimate otherwise,” says Arti Taru, Assistant Manager R&D, MicroWorld Technologies. “Some of the Backdoors are also distributed via the email route, where a small piece of code gets into a user’s computer and grows into full-fledged malware by logging on to nefarious websites to upgrade itself. The threat potential of a Trojan bot is very high as the attacker almost completely takes over a user’s computer and gains the ability to perform a plethora of illegal activities using the victim machine.”

“Though many of these Backdoor Trojans are detected by some of the AntiVirus programs, they are not removed from the Windows registry. Hence when the computer reboots, this malware finds its way back from nowhere. That’s why our proactive Security solution, eScan, removes registry entries too so that a resurrection of this Trojan is ruled out,” continues Arti Taru.

“The advancements in recent Backdoor Trojans reflect a larger and radical shift in the nature and purpose of today’s malware landscape,” observes Govind Rammurthy, CEO, MicroWorld Technologies. “Newer threats are getting extremely focused and insidious in nature where the attacker works with clinical precision in organizing and orchestrating a range of online financial crimes. Right from large enterprises to a single PC home user, anything and anyone can be targeted and manipulated while the victim can still remain completely unaware of it, unless fast-updating and proactive defense measures are employed in implementing Real-Time security for information systems.”

MicroWorld (www.mwti.net) is the developer of the world's first Real-Time Anti-Virus and Content Security software, eScan, for desktops and servers. Its communication security software, MailScan, is the first comprehensive e-mail scanner for your SMTP/POP3 Mail Server. MicroWorld Winsock Layer (MWL) is the revolutionary technology underlying these products, powering them to several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready, and Novell Ready. Combining their powerful scanner with MWL technology, MicroWorld solutions provide Real-Time Proactive security for your systems. For network security of enterprises, eConceal Firewall is the latest powerful offering from MicroWorld.

To learn more, kindly visit http://www.mwti.net
Company: MicroWorld Technologies, Inc
Contact Name: Manish
Contact Email: manish@mwti.net
Contact Phone: 248 522 7960