System Infected: Backdoor.Bosonha Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects Backdoor.Bosonha network activity.

Additional Information

When the Trojan is executed, it creates a mutex with the following name:
Dd

The Trojan opens a back door, and may connect to one of the following servers:

  • "00.00.000.000":443
  • "23.19.122.196":443
  • "catp.zyns.com":443
  • "cat.zyns.com":443


The Trojan steals the following information:

  • System information
  • Volume information
  • Computer name
  • User name


The Trojan may perform the following actions:

  • Check if a specified file exists
  • Upload file contents from the compromised computer
  • Read and write a file
  • Write C:\Documents and Settings\All Users\Application Data\recycle.ini
  • Create a cmd.exe shell
  • Download and execute a remote file
  • Uninstall itself

Affected

  • Windows