Thread: High Risk Trojan Alert - Backdoor.NetDevil

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    682

    High Risk Trojan Alert - Backdoor.NetDevil

    Backdoor.NetDevil
    Discovered on: February 13, 2002
    Last Updated on: February 13, 2002 at 10:49:01 AM PST


    Backdoor.NetDevil allows a hacker to remotely control an infected computer.


    Type: Trojan Horse


    Threat Assessment:


    Wild: Low
    Damage: High
    Distribution: Low

    Payload Trigger: Running Backdoor.NetDevil
    Payload:
    Releases confidential info: Keystrokes can be logged and sent to the hacker
    Compromises security settings: Allows unauthorized access to the compromised computer

    Technical description:


    When Backdoor.NetDevil is run, it does the following:

    It copies itself to the %System% folder. The file name that it uses may vary, because the hacker who creates this Backdoor Trojan can choose any desired file name.

    NOTE: %System% is a variable. The worm locates the \Windows\System folder (by default this is C:\Windows\System or C:\Winnt\System32) and copies itself to that location.

    It adds a value that refers to the dropped file to one of the following registry keys:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

    When the hacker creates the Backdoor.NetDevil server file, there are many functions that can be added. For example, it can be programmed to:

    Display a fake error message to conceal its true nature.
    Choose the ports that are used by the backdoor to communicate with the hacker. By default, it uses port 901 for direct control, port 902 for communicating logged key strokes, and port 903 for file transfer.
    Use different notification methods to send information to the hacker about the compromised computer.
    Attempt to kill running firewall and antivirus processes.

    If Backdoor.NetDevil is run, it allows the hacker to remotely take control of the compromised computer. This control can include:
    Full control over the file system
    Upload to and download from the host computer
    Run files of the hacker's choice
    Kill running processes
    Display messages
    View the screen
    Log key strokes
    Annoying actions, such as manipulating the mouse, opening and closing the CD-ROM drive, turning the monitor on and off, and so on.


    Additional information:

    Possible system changes
    If the Trojan was run and a hacker executed files on the computer, it may be difficult to determine exactly what was done, even after you remove the Trojan. If you are familiar with your operating system and how to use system repair or system checking tools, we suggest that you fully check the system for any of these modifications and undo them. Otherwise, consider reinstalling the Windows operating system.
    "I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
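
Added example (not part of the original post or the advisory): a Python check that runs saved `reg query` and `netstat -an` output against the indicators the advisory lists, namely the two Run keys, the default %System% locations and the default ports 901 to 903. The sample input, the value names and the baseline set are constructed, and treating a bare file name as a possible %System% launch is an assumption.

```python
import re

# Keys, folders and ports come from the advisory text; sample data below is constructed.
_CV = r"hkey_local_machine\software\microsoft\windows\currentversion"
RUN_KEYS = {_CV + r"\run", _CV + r"\runservices"}
SYSTEM_DIRS = {r"c:\windows\system", r"c:\winnt\system32"}  # default %System%
DEFAULT_PORTS = {901, 902, 903}  # control, keystroke log, file transfer (changeable)

def suspicious_autoruns(reg_text, baseline):
    """Run/RunServices values outside the known-good baseline that start a file from %System%."""
    hits, key = [], ""
    for line in reg_text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
        m = re.match(r"\s+(.+?)\s+REG_(?:EXPAND_)?SZ\s+(.+)$", line)
        if not m or key.lower() not in RUN_KEYS:
            continue
        name, data = m.group(1), m.group(2).strip().lstrip('"')
        folder = data.rpartition("\\")[0].lower()
        # Assumption: a bare file name resolves through the search path, which includes %System%.
        if name.lower() not in baseline and (folder in SYSTEM_DIRS or not folder):
            hits.append((key.rsplit("\\", 1)[1], name, data.rstrip('"')))
    return hits

def default_port_listeners(netstat_text):
    """TCP listeners on the advisory's default ports."""
    found = re.findall(r"(?m)^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING", netstat_text)
    return sorted({int(p) for p in found} & DEFAULT_PORTS)

# Constructed sample input in the layout of `reg query` and `netstat -an`.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    Updater    REG_SZ    "C:\Program Files\Vendor\upd.exe" /quiet
    winsvc32    REG_SZ    C:\WINDOWS\SYSTEM\winsvc32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    LoadPowerProfile    REG_SZ    Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"""
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:139    0.0.0.0:0    LISTENING
  TCP    0.0.0.0:901    0.0.0.0:0    LISTENING
  TCP    0.0.0.0:903    0.0.0.0:0    LISTENING
"""
BASELINE = {"systemtray", "loadpowerprofile"}  # constructed known-good value names

if __name__ == "__main__":
    print(suspicious_autoruns(SAMPLE_REG, BASELINE), default_port_listeners(SAMPLE_NETSTAT))
```

Because the file name and the ports are chosen by whoever builds the server file, a clean result does not rule the Trojan out; the comparison against a known-good baseline is what surfaces a renamed copy.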

  2. #2
    Very good to know. Time for everyone to update their virus software.

    LAMO nice signature

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    657

    Just another wannabe RAT to cause more problems with the newbies.

    Do I feel this will go any further? No, 'cause it's just like netbus... lame and already outdone by other programmers.

    sub7 is the one u have to look out for because of how widely it is used and how easy it is 2 edit and as such.

    But even sub7 isn't used much anymore.. mainly trojans like litmus, XOT, SD bot and others are mainly used these days, but they're just pretty much for DDoS and some simple tasks.
    i have a herd of 1337 sheep
    Worth should be judged on quality... Not appearance... Anyone can sell you **** inside a pretty box.. The only real gift then is the box..

  4. #4
    NO I had not heard of that one, thank you for the update.
