MS04-032: Ecommander Backdoor

Discussion in 'malware problems & news' started by the mul, Oct 22, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Jul 31, 2003
    An MS04-032 proof-of-concept exploit has become a real one. Thankfully, it is not widespread, but it provides a new method of attack on unpatched systems. Everyone is encouraged to complete Windows Updates as soon as they can.

    MS04-032: Ecommander Backdoor

    Backdoor.Emcommander is a Backdoor Trojan distributed as an EMF image file. It exploits the Microsoft Windows WMF/EMF Image Format Rendering Remote Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS04-032) and allows an attacker to control the compromised system.

    Opens a backdoor on TCP port 31337 and listens for commands from an attacker. The port number may vary because Backdoor.Emcommander can be built with a Backdoor.ConstructKit tool, where the port number can be specified as a parameter. Executes the remote command sent by the attacker through the Internet. The remote command is executed through "cmd.exe" of the compromised system.
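
A triage check for the behaviour described in the post, added here as an example and not part of the original thread: because the port can be changed at build time, it flags both a listener on the default port 31337 and any listening process that has spawned `cmd.exe`. The `netstat -ano` lines, process snapshot, process names and PIDs are constructed sample data.

```python
# Constructed sample data (not from the original post): `netstat -ano` style
# listener lines and a (pid, parent pid, image name) process snapshot.
NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2140
  TCP    0.0.0.0:4455           0.0.0.0:0              LISTENING       3012
  TCP    10.0.0.5:1042          10.0.0.9:80            ESTABLISHED     1500
"""
PROCESSES = [
    (884, 600, "svchost.exe"),
    (2140, 1500, "viewer.exe"),
    (3012, 1500, "helper.exe"),
    (3100, 3012, "cmd.exe"),   # shell whose parent owns a listening socket
    (3200, 1400, "cmd.exe"),   # interactive shell started from explorer.exe
    (1400, 1, "explorer.exe"),
]
DEFAULT_PORT = 31337  # port named in the post; other builds may differ


def parse_listeners(netstat_text):
    """Return {pid: [ports]} for TCP sockets in the LISTENING state."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            port = int(fields[1].rsplit(":", 1)[1])
            listeners.setdefault(int(fields[4]), []).append(port)
    return listeners


def find_suspects(netstat_text, processes):
    """Flag listeners on the default port or listeners that spawned cmd.exe."""
    listeners = parse_listeners(netstat_text)
    names = {pid: name for pid, _, name in processes}
    shell_parents = {ppid for _, ppid, name in processes
                     if name.lower() == "cmd.exe"}
    findings = []
    for pid, ports in sorted(listeners.items()):
        reasons = []
        if DEFAULT_PORT in ports:
            reasons.append("default-port")
        if pid in shell_parents:
            reasons.append("listener-spawned-cmd")
        if reasons:
            findings.append((pid, names.get(pid, "?"), ports, reasons))
    return findings


if __name__ == "__main__":
    for finding in find_suspects(NETSTAT, PROCESSES):
        print(finding)
```

The shell started from `explorer.exe` is not flagged because its parent holds no listening socket; only the pairing of a listener with a `cmd.exe` child is treated as suspicious.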
