Risiko: sehr gering
Typ: Trojaner
entdeckt am: 05. August 2004
auch bekannt als: WINCE_BRADOR.A [Trend Micro], Backdoor.WinCE.Brador.a [Kaspersky], WinCE/BackDoor-CHK [McAfee], WinCE.Brador.A [Computer Assoc, Troj/Brador-A [Sophos]

Information:

Backdoor.Brador.A is the first Windows Mobile backdoor Trojan horse. This backdoor sends the IP address of the infected handheld to the attacker and opens TCP port 2989.

Backdoor.Brador.A will work on Windows Mobile 2003 and only affects ARM-based devices.

Note: Windows Mobile 2003 is also known as Pocket PC 2003 and Windows CE 4.2.

technische Details:

When Backdoor.Brador.A is launched, it performs the following actions:
Copies itself to Windows/StartUp/Svchost.exe (5632 bytes) so that it starts when Windows starts.

Continually attempts to send the attacker the IP address of the handheld by email until it succeeds.

Opens TCP port 2989 and waits for further instructions from the attacker.

Allows the attacker to remotely perform the following commands:
List the directory contents
Upload a file
Display a message box
Download a file
Execute the specified command


[Link nur für registrierte Mitglieder sichtbar.]