BackDoor-BAC.dll
- Type: Trojan
- SubType: Application extension
- Discovery Date: 12/08/2004
- Length: various
- Minimum DAT: 4298 (10/15/2003)
- Updated DAT: 5897 (02/19/2010)
- Minimum Engine: 5.1.00
- Description Added: 04/21/2004
- Description Modified: 07/25/2007 10:52 AM (PT)
Characteristics
Update: some variants are also capable of remotely controlling the machine and starting/stopping services.
This detection is for the DLL component of the BackDoor-BAC trojan.
Once loaded, the DLL monitors browser sessions on the victim machine, logging keystroke data for windows containing any of the following strings:
- gold
- paypal
- ebay
- fethard
- money
- bank
- banque
- escrow
- halifax
- barclays
- lloydstsb
- hsbc
- westpac
- ikobo
- bookers
- barclays
- creditmutuel
- bullion
- agricole
- videoposte
For more information on this threat, please see the following description:
http://vil.nai.com/vil/content/v_101152.htm
The 4412 DATs contained detection for a 4,752 byte DLL as BackDoor-BAC.dll. This is actually a downloading trojan, and detection has been renamed to Downloader-TA.dll (will be in the 4414 DATs). Please see the following description for more details on this threat:
http://vil.nai.com/vil/content/v_130369.htm
Symptoms
For more information on this threat, please see the following description:
http://vil.nai.com/vil/content/v_101152.htm
Method of Infection
This DLL is likely to be installed on the victim machine as part of the BackDoor-BAC backdoor.
For more information on this threat, please see the following description:
http://vil.nai.com/vil/content/v_101152.htm
Removal
All Users:
Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).
Variants
N/A
Overview
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.