Troj/Tunnel-A ; Aliases: Backdoor.Checkesp

Discussion in 'malware problems & news' started by FanJ, Jun 4, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    http://www.sophos.com/virusinfo/analyses/trojtunnela.html

    Description
    Troj/Tunnel-A is a backdoor Trojan. When the Trojan is first executed a copy will be created in the system folder with the filename sys64.exe and the following registry entry will be created so that the Trojan is run when Windows starts up:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\tunelling = sys64.exe

    Troj/Tunnel-A begins by connecting to a site run by the attacker to inform them that the computer has been compromised. The Trojan will then listen for commands from the attacker.

    The Trojan also listens on port 80, the default HTTP port, and redirects network traffic on that port to the attacker.
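The persistence indicators in the description above can be checked against saved `reg query` output for the Run key. This is an added example, not part of the original post or the Sophos analysis; the sample output is constructed, and the function names and the `.exe`-only path parsing are assumptions made for illustration.

```python
import ntpath
import re

# Indicators taken from the description quoted in the post above.
IOC_VALUE_NAME = "tunelling"
IOC_FILE_NAME = "sys64.exe"

# Constructed sample of `reg query` output for the HKLM Run key (not real data).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    tunelling    REG_SZ    sys64.exe
    Updater    REG_SZ    "C:\WINDOWS\System32\SYS64.EXE" /s
    Backup    REG_SZ    C:\Tools\mysys64.exe
"""

# reg query prints: 4 spaces, value name, 4 spaces, type, 4 spaces, data.
LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")

def command_image(data):
    """Return the lower-cased file name of the program a Run value launches."""
    data = data.strip()
    if data.startswith('"'):
        path = data[1:].split('"', 1)[0]           # quoted path, arguments follow
    else:
        m = re.match(r"(.*?\.exe)(?:\s|$)", data, re.IGNORECASE)
        path = m.group(1) if m else data.split(" ", 1)[0]
    return ntpath.basename(path).lower()

def scan_run_key(reg_output):
    """Return (name, data, reasons) for Run values matching either indicator."""
    findings = []
    for line in reg_output.splitlines():
        m = LINE.match(line)
        if not m:
            continue                                # key header or blank line
        name, data = m.group("name"), m.group("data")
        reasons = []
        if name.strip().lower() == IOC_VALUE_NAME:
            reasons.append("value name")
        # Compare the exact file name so mysys64.exe is not a false positive.
        if command_image(data) == IOC_FILE_NAME:
            reasons.append("file name")
        if reasons:
            findings.append((name, data, reasons))
    return findings

if __name__ == "__main__":
    for name, data, reasons in scan_run_key(SAMPLE):
        print(f"{name!r} -> {data!r} matched on {', '.join(reasons)}")
```

A match on the file name alone is only a lead, since the name is not unique to this Trojan; the value name and file name together are the combination the description gives.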
     
  2. Longthing

    Longthing Registered Member

    Joined:
    Jul 27, 2002
    Posts:
    40
    Got already a sample here.
     
  3. FanJ

    FanJ Guest

    Hi Jan,
    I hope you could get rid of it!

    Cheers, Jan.
     
  4. Longthing

    Longthing Registered Member

    Joined:
    Jul 27, 2002
    Posts:
    40
    No problem. Didn't execute it. :)
     