MS04-032: Ecommander Backdoor

Discussion in 'malware problems & news' started by the mul, Oct 22, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    An MS04-032 proof-of-concept exploit has become a real one. Thankfully, it is not widespread, but it provides a new method of attack on unpatched systems. Everyone is encouraged to complete Windows Updates as soon as they can.

    MS04-032: Ecommander Backdoor
    http://www.symantec.com/avcenter/venc/data/backdoor.emcommander.html

    Backdoor.Emcommander is a Backdoor Trojan distributed as an EMF image file. It exploits the Microsoft Windows WMF/EMF Image Format Rendering Remote Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS04-032) and allows an attacker to control the compromised system.

    Opens a backdoor on TCP port 31337 and listens for commands from an attacker. The port number may vary because Backdoor.Emcommander can be built with a Backdoor.ConstructKit tool, where the port number can be specified as a parameter. Executes the remote command sent by the attacker through the Internet. The remote command is executed through "cmd.exe" of the compromised system.


    THE MUL
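
An added triage example (not part of the original post or the Symantec write-up): because the write-up says the backdoor defaults to TCP 31337 but the port is configurable, this sketch flags listeners on the default port and, separately, any listening process that has a cmd.exe child. The `netstat -ano` output, process table and image names are constructed sample data, and the function names are hypothetical.

```python
import re

DEFAULT_PORT = 31337  # default backdoor port named in the write-up above

# Constructed sample data (not from a real host): `netstat -ano` output and
# a process table of (pid, parent pid, image name).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2212
  TCP    0.0.0.0:5150           0.0.0.0:0              LISTENING       3040
  TCP    10.0.0.5:1042          10.0.0.9:80            ESTABLISHED     1500
"""
PROCESSES = [
    (884, 4, "svchost.exe"),
    (2212, 1500, "sample_a.exe"),
    (3040, 1500, "sample_b.exe"),
    (3100, 3040, "cmd.exe"),      # shell spawned by the listener with pid 3040
    (1500, 4, "explorer.exe"),
]

LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def parse_listeners(netstat_text):
    """Return [(port, pid)] for every TCP socket in LISTENING state."""
    out = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            out.append((int(m.group(1)), int(m.group(2))))
    return out

def flag_listeners(netstat_text, processes):
    """Return {port: [reasons]} for listeners worth investigating."""
    # PIDs that are the parent of at least one cmd.exe process.
    shell_parents = {ppid for _, ppid, name in processes if name.lower() == "cmd.exe"}
    findings = {}
    for port, pid in parse_listeners(netstat_text):
        reasons = []
        if port == DEFAULT_PORT:
            reasons.append("default-port")   # matches the documented default
        if pid in shell_parents:
            reasons.append("spawns-cmd")     # port-independent behaviour check
        if reasons:
            findings[port] = reasons
    return findings

if __name__ == "__main__":
    for port, reasons in flag_listeners(NETSTAT, PROCESSES).items():
        print(port, reasons)
```

A hit from either check is a lead for investigation, not a verdict; the second check is the one that still fires when the port has been changed from the default.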