Results 1 to 9 of 9

Thread: Dangeous BackDoor

  1. #1

    Exclamation Dangeous BackDoor

    There are hundreds of trojans and different backdoors out on the internet but one ive found seems to me to be the most dangerous. It's called Ackcmd from http://ntsecurity.nu/toolbox/
    what it does is when the user/hacker/cracker what ever you want to call them, opens up the client he types in commands to be executed on the target host. The client then encodes the commands into ackpackets and sends them to the target. because they are ack packets they have a better chance of penetrating a firewall then anything else. When the server recives the packets it executes the command and send the reply back via encoded ack packets. As you can see this backdoor is very dangerous and can give the attacker alot of power over your machine. But it gets worse unlike most backdoors they show up on antivirus sweeps but not ackcmd, ackcmd is completly stealth. To remove the server just search for ackcmdS.exe but remember script kiddies the only "hackers" that use widely distributed trojans love to use binders or mergers To remain stealthy which doesnt work if the target has antivirus because most all antivirus software has the ablity to scan executables for virii or trojans, But as I said before ackcmdS wont show up on most antivirus software. So an ackcmd server bound with an executable will prove a pretty powerful tool to a script kiddie, well even a pretty skilled hacker it would prove useful. I hope antivirus companies will fix this problem.

  2. #2
    does it only communicate through port 80, or can you change it

  3. #3
    AntiOnline Newbie
    Join Date
    Apr 2002
    Posts
    91
    In addition to an antivirus program, I also have Tauscan, a trojan remover, running at all times. (Yes, I am paranoid, even though I've never had a trojan on my machine!) I checked the database and see that Tauscan does list Ackcmd as one of the trojans it protects against. I have my doubts, though, as to how many people run an anti-trojan program.

  4. #4
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    Apparently, this trojan has been written as a demonstration, to show how easy it would be to penetrate firewalls The server uses ports 80 and 1054, and, once installed, gives a remote dos prompt. An excellent page describing the program and linking towards a page explaining the details of the method used can be found here.

    This trojan isn't as bad as it looks on first sight: to install it, you have to manually start a server, and, once installed, you can easily kill it by stopping one process. The trojan has been reported working on Windows 98, NT and 2000.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  5. #5
    Banned
    Join Date
    Mar 2002
    Posts
    520
    My norton detected it... Can't be that good..

  6. #6
    Thats weird cause i just updated my norton and it didnt find it or my bound version.

  7. #7
    Senior Member
    Join Date
    May 2002
    Posts
    168
    check your settings, my norton detected it aswell.
    \"Why is the bomb always gettin\' the last word?\" - Will Smith - Lost & Found (2005)

  8. #8
    ok i tweeked my settings and it detected my single version but it didnt detect my bound version

  9. #9
    hmm re- check your settings at your norton, I've got the corporate edition version 5/29/2002 rev. 6, and it detected as well
    \"Knowledge is Power\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •