Hello,
Request you to please check the Link below:
System Infected: W32.Extrat RAT Activity
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26353
W32.Extrat
https://www.symantec.com/security_response/writeup.jsp?docid=2012-111221-3742-99&tabid=2
The worm is related to the following remote access tools (RATs):
Xtreme RAT
Spy-Net RAT
When the worm is executed, it creates the following file:
%Windir%\installdir\server.exe
The worm opens a back door on the compromised computer, allowing an attacker to perform the following actions:
Access files
Steal stored passwords
Issue commands
Activate and view a webcam
Record keystrokes
Create an HTTP proxy
Connect to a control server on TCP
The worm may inject itself into iexplore.exe, or any customizable process.
BLOG from Symantec Security Response Team
W32.Extrat: Syrian Conflict Used To Deliver Xtreme RAT
http://bit.ly/WJB1Mt