BackDoor

Type: -
SubType: -
Discovery Date:
Length:
Minimum DAT: Not Applic (01/01/2000)
Updated DAT: Not Applic (01/01/2000)
Minimum Engine: 5.1.00
Description Added: 08/01/2001
Description Modified: 01/25/2002 5:19 PM (PT)

Risk Assessment
Corporate User: N/A
Home User: N/A

Characteristics

BackDoor trojans usually give unauthorised access to a computer system. Usually a victim is fooled into running the "server" portion of the BackDoor. If it is run, it usually copies itself to a system folder and adds a reference to the registry, WIN.INI, or SYSTEM.INI. Usually the server opens a port on the computer and waits for an outside connection; some others connect to an IRC server and await commands there.
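As an added example (not part of the original description), the following audit sketch lists programs started from WIN.INI and SYSTEM.INI, two of the reference locations named above. The key names load=, run= and shell= are the standard legacy Windows autostart settings and are not listed on this page; the sample file contents and the file name msrv32.exe are constructed, and entries are assumed to be space- or comma-separated short paths.

```python
import re

# Legacy Windows autostart settings (assumption: standard key names,
# not taken from this page). file name -> {section: keys}
AUTOSTART_KEYS = {
    "win.ini": {"windows": ("load", "run")},
    "system.ini": {"boot": ("shell",)},
}
DEFAULT_SHELL = "explorer.exe"  # expected shell= value on a clean system

def autostart_entries(filename, text):
    """Return [(section, key, program)] for autostart values set in an INI file."""
    wanted = AUTOSTART_KEYS.get(filename.lower(), {})
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if not sep or key not in wanted.get(section, ()):
            continue
        # Each setting holds a list of programs; report every one that is
        # not the default shell so an analyst can review it.
        for prog in re.split(r"[,\s]+", value.strip()):
            if not prog or (key == "shell" and prog.lower() == DEFAULT_SHELL):
                continue
            found.append((section, key, prog))
    return found

# Constructed sample files for illustration only.
SAMPLE_WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\SYSTEM\msrv32.exe
NullPort=None
"""
SAMPLE_SYSTEM_INI = r"""[boot]
shell=Explorer.exe C:\WINDOWS\SYSTEM\msrv32.exe
[386Enh]
device=*vmm32
"""

if __name__ == "__main__":
    for name, text in (("WIN.INI", SAMPLE_WIN_INI), ("SYSTEM.INI", SAMPLE_SYSTEM_INI)):
        print(name, autostart_entries(name, text))
```

Every reported entry still needs manual review, since legitimate software also used these settings; registry references are not covered by this sketch.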

BackDoor trojans are currently assigned an ascending alphabetical sequence. BackDoors started at BackDoor-A and go to BackDoor-Z, and then from BackDoor-AA to BackDoor-AZ, and so on. When BackDoor-ZZ is reached, naming continues at BackDoor-AAA, continues to BackDoor-AAZ, and so on. For example, BackDoor-P contains all variants of the NetSphere family, and no other trojan is called BackDoor-P.

Sometimes trojans may get a category; for example, "svr" for server, "cli" for client, "cfg" for configuration program (also called editserver). Both of these naming additions are being phased out though.

Most of the common BackDoor trojans have information about them in the VIL. If you need information on a specific BackDoor, contact AVERT and include a sample if possible.

Symptoms

Method of Infection

Removal

Variants

    N/A
