Discovered: March 23, 2004
Updated: March 23, 2004 5:14:02 PM
Systems Affected: Windows
Backdoor.Cazno is a back door server program that allows unauthorized remote access to a compromised host.
Backdoor.Cazno is a typical back door server program. When the back door is installed, it creates the following file:
Next, to run at system startup, the backdoor creates the following registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\"CAZNOVAS" = "%system%\CAZNOVAS.exe"
Once the back door is running, it listens on a configurable port for connections from the remote attacker.
The backdoor will allow a remote attacker to perform the following actions:
Obtain system information (computer/user name, operating system information, hardware/system configuration data, and IP address)
Control window functions (show/hide windows)
Shut down and restart the computer
Control the Web camera
Control file system (list, delete, rename, and create files)
Finally, the backdoor uses ICQ or IRC to transmit information about the compromised system to a configurable ICQ contact or IRC server.
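A defender-side check for the RunServices entry described above, as an added example that is not part of the original write-up: it parses `reg query` output collected from a host and flags the CAZNOVAS value by value name or by image name. The sample output, including its file path and the other autorun values, is constructed for illustration, and the function names are hypothetical.

```python
import re

# Indicators taken from the write-up above.
IOC_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices"
IOC_VALUE = "CAZNOVAS"
IOC_FILE = "CAZNOVAS.exe"

# Constructed sample of `reg query` output (paths and other values are made up).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    LoadPowerProfile    REG_SZ    Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    caznovas    REG_SZ    C:\WINDOWS\SYSTEM\caznovas.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
"""

# `reg query` prints: 4 spaces, value name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# File name as a whole path component, with or without quotes and arguments.
IMAGE_RE = re.compile(r'(?:^|[\\/"])' + re.escape(IOC_FILE) + r'(?=$|["\s])', re.I)

def parse_reg_query(text):
    """Yield (key, value_name, data) for each value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m.group("name"), m.group("data")

def find_cazno(text):
    """Return values under the RunServices key that match the indicators."""
    hits = []
    for key, name, data in parse_reg_query(text):
        if key.lower() != IOC_KEY.lower():
            continue
        reasons = []
        if name.lower() == IOC_VALUE.lower():  # registry names ignore case
            reasons.append("value name")
        if IMAGE_RE.search(data):  # catches a renamed value with the same image
            reasons.append("image name")
        if reasons:
            hits.append({"key": key, "name": name, "data": data, "matched": reasons})
    return hits

if __name__ == "__main__":
    print(find_cazno(SAMPLE))
```

Matching on the image name as well as the value name means a hit survives a renamed registry value, and the case-insensitive comparison mirrors how Windows treats registry names and file paths.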