Full Disclosure mailing list archives

New backdoor program in the wild

From: Jarkko Turkulainen <jt () klake org>
Date: Sun, 23 Nov 2003 16:32:14 +0200 (EET)


I just found a new backdoor program in the wild. It is a reverse backdoor
that uses udp port 53 to communicate with the server side. It uses a
couple of interesting techniques, for example, it injects itself in hidden
IE instance.

I wrote a little paper about the analysis:

http://www.klake.org/~jt/malware/spotcom/



Regards,

--
Jarkko Turkulainen <jt () klake org>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

New backdoor program in the wild Jarkko Turkulainen (Nov 23)
- RE: New backdoor program in the wild Kristian Hermansen (Nov 23)
  - Re: New backdoor program in the wild Chris Rose (Nov 23)
- <Possible follow-ups>
- RE: New backdoor program in the wild Kristian Hermansen (Nov 23)