[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] New backdoor program in the wild

To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] New backdoor program in the wild
From: Jarkko Turkulainen <jt@klake.org>
Date: Sun, 23 Nov 2003 16:32:14 +0200 (EET)

I just found a new backdoor program in the wild. It is a reverse backdoor
that uses udp port 53 to communicate with the server side. It uses a
couple of interesting techniques, for example, it injects itself in hidden
IE instance.

I wrote a little paper about the analysis:

http://www.klake.org/~jt/malware/spotcom/



Regards,

--
Jarkko Turkulainen <jt@klake.org>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] New backdoor program in the wild
  - From: "Kristian Hermansen" <khermansen@ht-technology.com>

Prev by Date: RE: [Full-Disclosure] safari dos
Next by Date: [Full-Disclosure] JS Dos
Previous by thread: [Full-Disclosure] Infinite JavaScript Loop
Next by thread: RE: [Full-Disclosure] New backdoor program in the wild
Index(es):
- Date
- Thread