Heads Up**Backdoor.WinShell.50

[Und3ertak3r]

Hi Guys..
As per my usual Heads up.. only Higher risk Threats are listed here.. ie Symantec's Cat 2 or higher.. I have not included the links to the McAfee and KAV reports on this one..

Backdoor.WinShell.50

Symantec Info Page


This ones entry is due to its damage capability.

Threat Assesment

Wild:- Low
Damage:- Medium
Distribution:- Low


Threat containment: Easy
Removal: Moderate

Damage

Payload:
Compromises security settings: Allows unauthorized commands to be remotely executed.

Summary of Threat

Backdoor.WinShell.50 is a server program that allows unauthorized access to an infected computer.

The Backdoor will listen on port 8719.

This piece of malware, along with Trojan.Stealther, has recently been found on systems which have been exploited by the Microsoft DCOM RPC vulnerability.

NOTE: Virus definitions dated August 6, 2003 may detect this as Backdoor.Winshell.


Also Known As: Backdoor.Winshell.50 [KAV], BackDoor-TC [McAfee]

Type: Trojan Horse
Infection Length: 14,168 bytes

Systems Not Affected: Linux, Macintosh, OS/2, UNIX

Technical Details

Opens Port 8719 to listen for remote commands that it will issue to a command shell.

Cheers

[tonybradley]

Didn't mean to steal your thunder- I searched on the McAfee name (Stealther) before posting my thread.

This one is pretty sneaky because once you have it it is very hard to tell if you have it. You almost need to boot all machines to Safemode to check them out.

[Und3ertak3r]

Thats why I couldn't find it..

But then again I have been getting a bit lazy

cheers