Discovered: April 01, 2004
Updated: April 05, 2004 2:11:47 PM
Systems Affected: Windows

Backdoor.IRC.Aimwin is a back door server program that allows unauthorized remote access to the compromised host. The remote attacker may also issue a command to cause the back door to propagate through Kazaa.

Technical Description

Backdoor.IRC.Aimwin is a back door server program that allows a remote attacker to perform various actions on a compromised host. When the back door is installed, it creates a copy of itself using a name and path of the attacker's choice. It then creates the following registry entry so that this file is executed every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows = <trojan path>

The back door allows the remote attacker to perform some of the following actions on the compromised system:
List, kill, and start processes
Download and execute files
Shut down and restart the system
Steal the CD keys from popular computer games
Steal system information, including OS version, IP address, CPU speed, and system uptime
Launch Denial of Service (DoS) attacks, including ping, UDP, and ICMP

The remote attacker may also command the back door to locate the Kazaa shared folder and create copies of itself there. The back door may copy itself to this folder using the following file names:
Windows XP Keygen.exe
Windows .NET KeyGen.exe
Windows .NET Enterprise Server KeyGen.exe
Windows .NET All Version Activation Crack.exe
Windows .NET All Version KeyGen.exe
Windows .NET WPA Crack.exe
Windows .NET Activation Hack.exe
Windows XP WPA Crack.exe
Cisco Hacker.exe
Cisco Hacker 2003.exe
Cisco Hacker v4.0.exe
Cisco Scanner 2.exe
Cisco Scanner Lite.exe
Cisco Scanner Setup.exe
Proxy Scanner v4.0b.exe
Longhorn 4015 Keygen.exe
Office 2003 Keygen.exe
CS AimBot OGL.exe
CS OGL Hack.exe
CS OGL 3.3 Hack.exe
CS OGL 3.5 Hack.exe
CS OGL 3.1b Hack.exe
Rage OGL 3.5 Hack.exe
Rage OGL 3.3 Hack.exe
Rage OGL 3.1b Hack.exe
Direct X 9.0a Setup.exe
Direct X 9.0a Web Setup.exe
Direct X 9.0a Runtime.exe
XXX Pass Hacker.exe
XXX Password List.exe
Nero Keygen.exe
mIRC KeyGen.exe
Winzip Keygen.exe
Half-Life Multi Hack.exe
Counter-Strike Multi Hack.exe
Half-Life CD-Key Generator.exe
Counter-Strike CD-Key Generator.exe
Quake III Arena KeyGen.exe
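
An added example, not part of the original write-up: a short Python triage script that checks saved `reg query` output for the Run value named windows described above and matches a listing of the Kazaa shared folder against the lure file names. The function names, the sample data, and the assumed `reg query` line layout (name, type and data separated by four spaces or a tab) are assumptions of this example; pass the full list of file names above as `lure_names`.

```python
import re

# Value name the write-up gives for the back door's Run entry. Registry value
# names are case-insensitive, so the comparison is done in lower case.
RUN_VALUE_NAME = "windows"

# Assumed layout of one data line of `reg query` output:
# indent, value name, separator, REG_* type, separator, data.
REG_LINE = re.compile(
    r"^\s+(?P<name>.+?)(?:\t| {4})(?P<type>REG_\w+)(?:\t| {4})(?P<data>.*)$"
)


def find_run_entry(reg_query_output, value_name=RUN_VALUE_NAME):
    """Return the data of the Run value called `value_name`, or None."""
    for line in reg_query_output.splitlines():
        m = REG_LINE.match(line)
        if m and m.group("name").strip().lower() == value_name.lower():
            return m.group("data").strip()
    return None


def find_lures(shared_files, lure_names):
    """Return listed files whose base name matches a lure name (any case)."""
    lures = {n.strip().lower() for n in lure_names if n.strip()}
    hits = []
    for path in shared_files:
        base = re.split(r"[\\/]", path)[-1].lower()
        if base in lures:
            hits.append(path)
    return hits


# Constructed sample data, not taken from a real host.
SAMPLE_REG = (
    "\n"
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    SoundMan    REG_SZ    SOUNDMAN.EXE\n"
    "    Windows    REG_SZ    C:\\WINDOWS\\system32\\example-copy.exe\n"
)
SAMPLE_SHARE = [
    "D:\\share\\holiday.mp3",
    "D:\\share\\nero keygen.exe",
    "D:\\share\\Cisco Scanner Lite.exe",
]
# Three of the names listed above; a real check would pass all of them.
SAMPLE_LURES = ["Nero Keygen.exe", "Cisco Scanner Lite.exe", "Winzip Keygen.exe"]

if __name__ == "__main__":
    print("Run entry:", find_run_entry(SAMPLE_REG))
    print("Lure files:", find_lures(SAMPLE_SHARE, SAMPLE_LURES))
```

Because the back door's own file name and path are chosen by the attacker, the path returned by `find_run_entry` is the file to collect and examine.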