System Infected: Backdoor.Destover Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects activity of Backdoor.Destover.

Additional Information

When the Trojan is executed, it creates the following file:
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\[THREAT FILE NAME]

The Trojan then connects to the following IP addresses and ports:
203.131.222.102 on TCP port 443
208.105.226.235 on TCP port 443

The Trojan may then perform the following actions:
- Delete files
- Change files' time stamps
- Execute commands through cmd.exe
- Create processes
- List running processes
- End processes
- Gather system information
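
One way to hunt for the network activity described above is to search Windows Firewall logs for TCP connections to the two listed addresses on port 443. The following is an added example, not part of the Symantec signature; the log lines, internal 10.x addresses, timestamps and function name are constructed for illustration, and the column layout is read from the log's own `#Fields:` header so that extra columns do not break matching.

```python
"""Flag Windows Firewall log rows that match the endpoints listed in this write-up."""
from collections import defaultdict

# IP address and TCP port pairs taken from the description above.
LISTED_ENDPOINTS = {("203.131.222.102", 443), ("208.105.226.235", 443)}

# Constructed sample in pfirewall.log layout; hosts and timestamps are made up.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2014-12-03 09:14:02 ALLOW TCP 10.0.4.17 203.131.222.102 49211 443 0 - 0 0 0 - - - SEND
2014-12-03 09:14:05 ALLOW TCP 10.0.4.17 198.51.100.20 49212 443 0 - 0 0 0 - - - SEND
2014-12-03 09:15:40 DROP TCP 10.0.7.52 208.105.226.235 50133 443 0 - 0 0 0 - - - SEND
2014-12-03 09:16:11 ALLOW UDP 10.0.4.17 203.131.222.102 55000 443 0 - - - - - - - SEND
2014-12-03 09:16:30 ALLOW TCP 10.0.4.17 203.131.222.102 49300 80 0 - 0 0 0 - - - SEND
truncated line
"""

def find_listed_connections(log_text):
    """Return {src_ip: [(timestamp, action, dst_ip, dst_port), ...]} for matching TCP rows."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names follow the tag
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) < len(fields):
            continue                       # other header, or malformed/truncated row
        row = dict(zip(fields, parts))
        if row["protocol"] != "TCP" or not row["dst-port"].isdigit():
            continue                       # the description lists TCP only
        endpoint = (row["dst-ip"], int(row["dst-port"]))
        if endpoint in LISTED_ENDPOINTS:
            stamp = f'{row["date"]} {row["time"]}'
            hits[row["src-ip"]].append((stamp, row["action"], *endpoint))
    return dict(hits)

if __name__ == "__main__":
    for host, rows in find_listed_connections(SAMPLE_LOG).items():
        for stamp, action, ip, port in rows:
            print(f"{host} -> {ip}:{port} {action} at {stamp}")
```

A DROP row is still worth triaging: the connection was blocked, but the source host attempted it.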

Affected

  • Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP