Backdoor.Krei

Risk Level 1: Very Low


Discovered: January 31, 2003
Updated: February 13, 2007 11:57:38 AM
Type: Trojan Horse
Systems Affected: Windows 2000, Windows NT, Windows XP



Backdoor.Krei is a backdoor Trojan that uses Trojan.Slanret to hide its malicious activities. It opens a listening port (port 449 by default) on the infected computer, giving a hacker full access to the infected system.
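As an added example (not part of the original write-up), the following Python code checks saved Windows `netstat -an` or `netstat -ano` output for a TCP listener on port 449, the default port named above. The function names and the sample output are constructed for illustration; because Trojan.Slanret is described as hiding Backdoor.Krei's activity, an empty result from output collected on the suspect host itself is not conclusive.

```python
import re

# One TCP row of Windows `netstat -an` / `netstat -ano` output.
# The trailing PID column is optional (it is only present with -o).
ROW = re.compile(
    r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"\s+(?P<state>[A-Z][A-Z0-9_]*)(?:\s+(?P<pid>\d+))?\s*$"
)

def split_endpoint(endpoint):
    """Split '10.0.0.5:449' or '[::]:449' into (address, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port) if port.isdigit() else None

def tcp_rows_on_port(netstat_text, port=449):
    """Return TCP rows whose LOCAL port equals `port` (449 is the default here)."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        addr, local_port = split_endpoint(m["local"])
        if local_port != port:
            continue  # skips 4490 and rows where only the remote port is 449
        hits.append({
            "local_addr": addr,
            "remote": m["remote"],
            "state": m["state"],
            "pid": int(m["pid"]) if m["pid"] else None,
        })
    return hits

def listeners(netstat_text, port=449):
    """Rows in LISTENING state, i.e. an open port waiting for connections."""
    return [r for r in tcp_rows_on_port(netstat_text, port)
            if r["state"] == "LISTENING"]

# Constructed sample output, not taken from an infected machine.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    0.0.0.0:449            0.0.0.0:0              LISTENING       1384
  TCP    0.0.0.0:4490           0.0.0.0:0              LISTENING       2210
  TCP    10.0.0.5:449           192.0.2.77:3312        ESTABLISHED     1384
  TCP    10.0.0.5:1433          10.0.0.9:449           ESTABLISHED     1020
  TCP    [::]:449               [::]:0                 LISTENING
  UDP    0.0.0.0:449            *:*                                    900
"""
```

Because port 449 is only the default, a hit is a reason to investigate the owning process rather than proof of infection, and a different port can be passed as `port`.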




Symantec Security Response has received unconfirmed reports that both Backdoor.Krei and Trojan.Slanret have been placed on systems by hackers who used a known SQL server exploit. This is the same exploit used by W32.SQLExp.Worm.

Therefore, Symantec Security Response strongly suggests that administrators patch their SQL servers.

If Backdoor.Krei was successfully installed on the computer, an unauthorized user may have remotely accessed your system. For this reason, it is impossible to guarantee the integrity of a system that has had such an infection. The hacker could have made changes to the system, including but not limited to the following:
  • Stealing or changing passwords or password files.
  • Installing remote connectivity host software, also known as backdoors.
  • Installing keystroke logging software.
  • Configuring firewall rules.
  • Stealing credit card numbers, banking information, personal data, and so on.
  • Deleting or modifying files.
  • Sending inappropriate or even incriminating material from a customer's email account.
  • Modifying access rights on user accounts or files.
  • Deleting information from log files to hide such activities.

To be certain that your organization is secure, re-install the operating system, restore files from a backup made before the infection took place, and change all the passwords that may have been on the infected computer, or that were accessible from it. This is the only way to ensure that your systems are safe. For more information regarding security in your organization, contact your system administrator.

Protection

  • Initial Rapid Release version February 3, 2003
  • Latest Rapid Release version August 20, 2008 revision 017
  • Initial Daily Certified version February 3, 2003
  • Latest Daily Certified version August 20, 2008 revision 016
  • Initial Weekly Certified release date February 5, 2003


Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: Low

Writeup By: Neal Hindocha