Backdoor.Formador

Risk Level 1: Very Low

Discovered: December 10, 2003
Updated: December 11, 2003 3:25:55 PM
Also Known As: Downloader-DP [McAfee], Perlovga [McAfee], Backdoor.Trojan.Client [Symantec], Backdoor.Formador.c [Kaspersky]
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Backdoor.Formador is a back door server program that allows a remote attacker to perform various actions on a compromised computer. The Trojan can be received as any file name that the attacker chooses. When it is executed, it creates a copy of itself in the Windows System directory using the file name it was received as.

It then creates the following registry entry so that it is launched every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[TROJAN FILE NAME] = "%System%\[TROJAN FILE NAME] .exe"
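
A triage check for the persistence pattern described above, added here as an example and not part of the original writeup: it parses `reg query` output for the Run key and flags values named after an executable that sits directly in the System directory. The sample output, the value names in it, the System directory paths and the function names are all assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample of `reg query` output; every value name here is made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    winupd32    REG_SZ    "C:\WINDOWS\system32\winupd32.exe"
    Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    report    REG_SZ    C:\WINNT\System32\REPORT.EXE
"""

# Assumption: usual System directory locations on the affected Windows versions.
SYSTEM_DIRS = {r"c:\windows\system", r"c:\windows\system32", r"c:\winnt\system32"}
ENV = {"%windir%": r"c:\windows", "%systemroot%": r"c:\windows"}

# reg query prints: 4 spaces, value name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}REG_(?:EXPAND_)?SZ\s{4}(?P<data>.*)$")

def exe_path(data):
    """Return the lower-cased executable path from a Run value's command line."""
    data = data.strip().lower()
    for var, val in ENV.items():
        data = data.replace(var, val)
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data)
    return m.group(1) if m else data.split(" ", 1)[0]

def suspicious_run_values(reg_output):
    """Flag values whose name matches an executable directly in the System directory."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue
        path = exe_path(m.group("data"))
        folder, filename = ntpath.split(path)
        stem = ntpath.splitext(filename)[0]
        name = m.group("name").strip().lower()
        # The value name may be the file name with or without its extension.
        if folder in SYSTEM_DIRS and name in (stem, filename):
            hits.append((m.group("name").strip(), path))
    return hits

if __name__ == "__main__":
    for name, path in suspicious_run_values(SAMPLE):
        print(f"review: {name} -> {path}")
```

Legitimate software can match the same pattern, so a hit is a candidate for review rather than a verdict.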

The back door then contacts a predefined HTTP server to request a list of commands. The back door allows the remote attacker to perform actions including the following:
  • Reconfigure the back door
  • Send system information using an HTTP POST request
  • Modify the registry
  • Delete files
  • Download and execute arbitrary code