Search
Keyword: bkdr_bn.311.eds
This backdoor may be dropped by other malware. Arrival Details This backdoor may be dropped by other malware. Other System Modifications This backdoor adds the following registry keys:
This backdoor has received attention from independent media sources and/or other security firms. This backdoor opens a hidden Internet Explorer window. It logs a user's keystrokes to steal
This backdoor may be dropped by other malware. Arrival Details This backdoor may be dropped by other malware. Installation This backdoor drops the following copies of itself into the affected system:
This backdoor connects to a website to send and receive information. Backdoor Routine This backdoor connects to the following websites to send and receive information: http://{BLOCKED
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
This backdoor initially queries certain registry entries to check if the system is running under a proxy server. Otherwise, without a proxy server, the malware will just keep on attempting to resolve
This backdoor opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the remote user executes commands on the affected system.
This backdoor may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites. Arrival Details This backdoor may be
This backdoor may be dropped by other malware. It deletes itself after execution. Arrival Details This backdoor may be dropped by the following malware: TROJ_ADOBFP.SM Installation This backdoor
It monitors user activities and records messages posted to the system message queue which may include keystrokes to steal user information such as username and password. This backdoor may be dropped
It did not exhibit information theft routines during testing. It has no rootkit capabilities. It executes commands from a remote malicious user, effectively compromising the affected system. This
It is an encrypted configuration file that is used by the WORM_QAKBOT family. Once decrypted, it contains the following: reference to the components and their corresponding random file names in the
Other System Modifications This backdoor adds the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\SharedAccess\Parameters\ FirewallPolicy\StandardProfile
This backdoor modifies registry entries to disable various system services. This action prevents most of the system functions to be used. It connects to a website to send and receive information.
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be dropped by other malware. Arrival Details
This backdoor arrives as a component bundled with malware/grayware packages. It may be unknowingly downloaded by a user while visiting malicious websites. It is a component of other malware. It may
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It arrives as a component bundled with
This backdoor may be unknowingly downloaded by a user while visiting malicious websites. It may be dropped by other malware. Arrival Details This backdoor may be unknowingly downloaded by a user
This backdoor may arrive bundled with malware packages as a malware component. Arrival Details This backdoor may arrive bundled with malware packages as a malware component. NOTES: It reads its
This backdoor has received attention from independent media sources and/or other security firms. To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram