Discovered: March 23, 2004
Updated: March 23, 2004 5:14:02 PM
Systems Affected: Windows

Backdoor.Cazno is a back door server program that allows unauthorized remote access to a compromised host.

Technical Description

Backdoor.Cazno is a typical back door server program. When the back door is installed, it creates the following file:

Next, to run at system startup, the back door creates the following registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\"CAZNOVAS" = "%system%\CAZNOVAS.exe"
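
A triage check for the autostart entry above, written as an added example (not part of the original write-up): it scans the text of a registry export for the `CAZNOVAS` value or the `CAZNOVAS.exe` file name under the `RunServices` key. The function name, the sample export and the `C:\WINDOWS\SYSTEM` expansion of `%system%` are assumptions made for illustration.

```python
import re

# Indicators taken from the write-up above (compared case-insensitively).
IOC_KEY_SUFFIX = r"software\microsoft\windows\currentversion\runservices"
IOC_VALUE_NAME = "caznovas"
IOC_FILE_NAME = "caznovas.exe"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="string data"; .reg exports escape backslashes and quotes with a backslash
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def find_cazno_autostart(reg_text):
    """Return (key, value name, data) tuples that match the Cazno autostart entry."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not (m and key and key.lower().endswith(IOC_KEY_SUFFIX)):
            continue
        # Undo .reg escaping of backslashes and double quotes
        name, data = (re.sub(r"\\(.)", r"\1", m.group(g)) for g in ("name", "data"))
        # Flag on the value name, or on the executable name if the value was renamed
        base = data.lower().rsplit("\\", 1)[-1]
        if name.lower() == IOC_VALUE_NAME or base == IOC_FILE_NAME:
            hits.append((key, name, data))
    return hits


# Constructed sample export (not captured from a real host).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"CAZNOVAS"="C:\\WINDOWS\\SYSTEM\\CAZNOVAS.exe"
'''

if __name__ == "__main__":
    for key, name, data in find_cazno_autostart(SAMPLE):
        print(f"{key}\\{name} -> {data}")
```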

Once the back door is running, it listens on a configurable port for connections from the remote attacker.

The back door allows a remote attacker to perform the following actions:
Obtain system information (computer/user name, operating system information, hardware/system configuration data, and IP address)
List/start/stop processes
Control window functions (show/hide windows)
Log keystrokes
Steal passwords
Shut down and restart the computer
Control the Web camera
Control file system (list, delete, rename, and create files)

Finally, the back door uses ICQ or IRC to transmit information about the compromised system to a configurable ICQ contact/IRC server.