Content

BackDoor-DKG.cfg

Type
Trojan
SubType
Configurator
Discovery Date
08/21/2007
Length
varies
Minimum DAT
5102 (08/21/2007)
Updated DAT
5214 (01/23/2008)
Minimum Engine
5.1.00
Description Added
08/21/2007
Description Modified
08/21/2007 10:31 PM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

This description is for the server editor component of the BackDoor-DKG Trojan. The characteristics of this Trojan with regards to the file names etc will differ, from one version to another.

The Trojan editor component is designed to deliver the following functionalities:

  • Choosing from a range of startup methods (HKCU entries, ActiveX startup etc)
  • Keylogger works with WH_KEYBOARD_LL hooks.
  • Interactive DOS-Shell.
  • Encrypt the traffic using RC4 cipher.
  • Interactive Process Blacklist which could disable various AntiVirus and Security tools.
  • Virtual-Machine detection, AntiSandbox detection and Anti-Debugging techniques.
  • Receiving Webcam, Audio captures from the victim machine.
  • Web Downloader component which allows the attacker to download and execute remote files on the victim's machine.
  • Ability to tamper with the running processes and services interactively.
  • Retrieve cd keys of windows and various games softwares.

Symptoms

Method of Infection

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

Variants

    N/A

All Information

Overview -

This description is for the server editor component of the BackDoor-DKG Trojan. The characteristics of this Trojan with regards to the file names etc will differ, from one version to another.

Aliases

  • Backdoor.Win32.VB.bax (Kaspersky)

Characteristics

Characteristics -

This description is for the server editor component of the BackDoor-DKG Trojan. The characteristics of this Trojan with regards to the file names etc will differ, from one version to another.

The Trojan editor component is designed to deliver the following functionalities:

  • Choosing from a range of startup methods (HKCU entries, ActiveX startup etc)
  • Keylogger works with WH_KEYBOARD_LL hooks.
  • Interactive DOS-Shell.
  • Encrypt the traffic using RC4 cipher.
  • Interactive Process Blacklist which could disable various AntiVirus and Security tools.
  • Virtual-Machine detection, AntiSandbox detection and Anti-Debugging techniques.
  • Receiving Webcam, Audio captures from the victim machine.
  • Web Downloader component which allows the attacker to download and execute remote files on the victim's machine.
  • Ability to tamper with the running processes and services interactively.
  • Retrieve cd keys of windows and various games softwares.

Symptoms

Symptoms -

Method of Infection

Method of Infection -

Removal -

Removal -

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

Variants -

    N/A