Backdoor.Bionet.404

Discovered: November 04, 2003
Updated: November 05, 2003 9:05:54 PM
Systems Affected: Windows

Backdoor.Bionet.404 is a backdoor program that gives a remote attacker access to the compromised system over TCP port 15348.

Backdoor.Bionet.404 is a backdoor program that permits unauthorized remote access to a compromised system.

When the backdoor is executed on a system, the program first creates the following file in the system directory with read-only, system, and hidden file attributes:
%System%\ntdll.exe

The backdoor next adds the following registry value so that it starts every time the system is rebooted:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"ntdll" = "ntdll.exe"

The trojan then begins listening on TCP port 15348 for incoming connections, giving unauthorized remote access to attackers.
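
The three artifacts described above (the dropped file, the Run value and the listening port) can be checked together during triage. The following is an added example, not part of the original write-up: it parses the text output of `reg query`, `attrib` and `netstat -ano` and reports which indicators are present. English-language command output is assumed, and the function names and sample output are constructed for illustration.

```python
import re

# Indicators from the write-up above.
PORT, RUN_VALUE, DROPPED = 15348, "ntdll", "ntdll.exe"

def run_value_hit(reg_out):
    """True if `reg query` output for the Run key has ntdll = ntdll.exe."""
    for line in reg_out.splitlines():
        m = re.match(r"\s+(.+?)\s{2,}REG_\w+\s{2,}(.+)$", line)
        if m and m.group(1).lower() == RUN_VALUE:
            if m.group(2).strip(' "').lower().rsplit("\\", 1)[-1] == DROPPED:
                return True
    return False

def dropped_file_hit(attrib_out):
    """True if `attrib` output shows ntdll.exe with R, S and H all set."""
    for line in attrib_out.splitlines():
        m = re.match(r"([A-Z ]*)(?i:[a-z]:\\(?:.*\\)?ntdll\.exe)\s*$", line)
        if m and {"R", "S", "H"} <= set(m.group(1)):
            return True
    return False

def listener_pids(netstat_out, port=PORT):
    """PIDs in LISTENING state on the TCP port, from `netstat -ano` output."""
    rows = (line.split() for line in netstat_out.splitlines())
    return [int(f[4]) for f in rows
            if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING"
            and f[1].rsplit(":", 1)[-1] == str(port)]

def triage(reg_out, attrib_out, netstat_out):
    return {"run_value": run_value_hit(reg_out),
            "dropped_file": dropped_file_hit(attrib_out),
            "listener_pids": listener_pids(netstat_out)}

# Constructed sample command output (not captured from a real host).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    ntdll    REG_SZ    ntdll.exe
"""
SAMPLE_ATTRIB = r"A  SHR       C:\WINDOWS\system32\ntdll.exe"
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:15348          0.0.0.0:0              LISTENING       2412
  TCP    10.0.0.5:1047          10.0.0.9:15348         ESTABLISHED     1180
"""

if __name__ == "__main__":
    print(triage(SAMPLE_REG, SAMPLE_ATTRIB, SAMPLE_NETSTAT))
```

The legitimate Windows system file is ntdll.dll, so a file named ntdll.exe in the system directory is anomalous in itself. A listener on port 15348 alone is weaker evidence and should be tied back to the owning process through the reported PID.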