Backdoor.Bionet.404

Risk Level 1: Very Low


Discovered: November 4, 2003
Updated: November 5, 2003 9:05:54 PM
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000

Backdoor.Bionet.404 is a backdoor program that permits unauthorized remote access to a compromised system.

When the backdoor is executed on a system, the program first creates the following file in the system directory with read-only, system, and hidden file attributes:
%System%\ntdll.exe

The backdoor next adds the following registry key so that the backdoor will start every time the system is rebooted:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"ntdll" = "ntdll.exe"

The trojan then begins listening on TCP port 15348 for incoming connections, giving unauthorized remote access to attackers.
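
The three indicators described above (the hidden ntdll.exe file, the Run entry, and the listener on TCP port 15348) can be checked together during triage. The following is an added example, not part of the original write-up: it parses the text output of `reg query`, `attrib` and `netstat -an` collected from a host. The sample output is constructed, and the C:\WINDOWS\system32 path is an assumed expansion of %System%.

```python
import re

PORT = 15348                        # listener port from the write-up
RUN_VALUE = ("ntdll", "ntdll.exe")  # Run value name and data from the write-up

def run_key_hit(reg_output):
    """`reg query HKLM\\...\\Run` output contains ntdll = ntdll.exe."""
    for line in reg_output.splitlines():
        parts = line.split(None, 2)            # name, type, data
        if len(parts) == 3 and parts[1] == "REG_SZ":
            data = parts[2].strip().strip('"').lower()
            if (parts[0].lower(), data) == RUN_VALUE:
                return True
    return False

def file_hit(attrib_output):
    """`attrib` output lists ntdll.exe carrying R, S and H together."""
    for line in attrib_output.splitlines():
        m = re.search(r"[A-Za-z]:\\", line)    # start of the path column
        if not m:
            continue
        attrs = set(line[:m.start()].replace(" ", ""))
        name = line[m.start():].strip().rsplit("\\", 1)[-1].lower()
        # The legitimate system file is ntdll.dll; only the .exe is an indicator.
        if name == "ntdll.exe" and {"R", "S", "H"} <= attrs:
            return True
    return False

def listener_hit(netstat_output):
    """`netstat -an` output shows a TCP listener on port 15348."""
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == str(PORT):
                return True
    return False

def triage(reg_output, attrib_output, netstat_output):
    return {"run_key": run_key_hit(reg_output),
            "file": file_hit(attrib_output),
            "listener": listener_hit(netstat_output)}

# Constructed sample output (not captured from a real host).
REG = "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n    ntdll    REG_SZ    ntdll.exe\n"
ATTRIB = "A  SHR     C:\\WINDOWS\\system32\\ntdll.exe\nA          C:\\WINDOWS\\system32\\ntdll.dll\n"
NETSTAT = "  TCP    0.0.0.0:135      0.0.0.0:0    LISTENING\n  TCP    0.0.0.0:15348    0.0.0.0:0    LISTENING\n"

if __name__ == "__main__":
    print(triage(REG, ATTRIB, NETSTAT))
```

A host where all three checks return True matches the behavior described here; a single hit, such as the port alone, warrants a closer look before drawing a conclusion.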