Saturday, February 25, 2012

Backdoor:Win32/Yonsole.B


Encyclopedia entry
Updated: Apr 17, 2011  |  Published: Jun 08, 2010

Aliases
  • W32/OnlineGames.EI.gen!Eldorado (Command)
  • Backdoor.Win32.Torr.bvp (Kaspersky)
  • BackDoor.Generic12.AMPZ (AVG)
  • Trojan.Generic.3769058 (BitDefender)
  • Win32/Tnega.AJE (CA)
  • Win32/Farfli.AC (ESET)
  • Backdoor.Win32.Inject (Ikarus)
  • PWS-OnlineGames.im (McAfee)
  • Backdoor.Win32.Undef.gop (Rising AV)
  • Troj/Bckdr-RCK (Sophos)

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.121.332.0
Released: Feb 24, 2012
Detection initially created:
Definition: 1.83.912.0
Released: Jun 01, 2010

Summary

Backdoor:Win32/Yonsole.B is a trojan that allows unauthorized access and control of an affected computer, and connects to a remote host for instructions.

Symptoms

There are no obvious symptoms that indicate the presence of this malware on an affected computer.

Technical Information (Analysis)

Backdoor:Win32/Yonsole.B is a trojan that allows unauthorized access and control of an affected computer, and connects to a remote host for instructions.
Installation
Backdoor:Win32/Yonsole.B is installed as a Service DLL by Backdoor:Win32/Yonsole.A.
Payload
Allows backdoor access and control
When executed, Backdoor:Win32/Yonsole.B connects to a remote server and waits for instructions. In the wild, Backdoor:Win32/Yonsole.B has been observed connecting to the domain yonker.3322.org on port 83 for this purpose.

Using this backdoor, a remote attacker can instruct an affected computer to:

  • Download a file and execute it
  • Inject code into the winlogon.exe process
  • Reboot the machine
  • Modify the Master Boot Record (MBR), which may be detected as Trojan:DOS/Yonsole.A
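The only network indicator this entry gives is the observed command-and-control endpoint (yonker.3322.org on port 83). The following script, added here as an example and not part of the encyclopedia entry or of any Microsoft tooling, shows how a defender could sweep proxy or firewall logs for that indicator. The key=value log layout, the IP addresses and the log lines are all constructed for the example; the domain-matching helper also catches subdomains and the trailing-dot FQDN form, which is a generalisation beyond the single hostname in the text.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Indicators taken from the Backdoor:Win32/Yonsole.B write-up above.
C2_DOMAIN = "yonker.3322.org"
C2_PORT = 83

# Constructed, simplified key=value log layout (assumption: not any real
# product's format). Fields: timestamp, source IP, destination (IP or name),
# destination port, and an optional observed hostname (e.g. HTTP Host/SNI).
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)"
    r"(?:\s+host=(?P<host>\S+))?\s*$"
)


@dataclass
class Hit:
    ts: str
    src: str
    indicator: str  # "c2-domain" (high confidence) or "port-83-only" (review)
    line: str


def domain_matches(name: str, indicator: str = C2_DOMAIN) -> bool:
    """True if name equals the indicator or is a subdomain of it.
    Normalises case and strips a trailing dot (FQDN form)."""
    name = name.lower().rstrip(".")
    return name == indicator or name.endswith("." + indicator)


def scan_line(line: str) -> Optional[Hit]:
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparseable lines are skipped, never treated as hits
    dport = int(m.group("dport"))
    names = [n for n in (m.group("dst"), m.group("host")) if n]
    if any(domain_matches(n) for n in names):
        return Hit(m.group("ts"), m.group("src"), "c2-domain", line)
    if dport == C2_PORT:
        # Port 83 on its own is only an unusual-port signal; surface it for review.
        return Hit(m.group("ts"), m.group("src"), "port-83-only", line)
    return None


def scan_logs(text: str) -> List[Hit]:
    return [h for h in (scan_line(ln) for ln in text.splitlines()) if h]


def hosts_to_review(hits: List[Hit]) -> Dict[str, List[str]]:
    """Group fired indicators by source host so a responder sees which machines to check."""
    out: Dict[str, List[str]] = {}
    for h in hits:
        out.setdefault(h.src, []).append(h.indicator)
    return out


# Constructed sample log lines (documentation-range IPs; not real traffic).
CONSTRUCTED_LOGS = """\
2012-02-24T10:00:01Z src=10.0.0.5 dst=93.184.216.34 dport=443 host=www.example.com
2012-02-24T10:00:07Z src=10.0.0.5 dst=198.51.100.7 dport=83 host=yonker.3322.org
2012-02-24T10:00:09Z src=10.0.0.9 dst=yonker.3322.org. dport=83
2012-02-24T10:00:12Z src=10.0.0.12 dst=203.0.113.9 dport=83
2012-02-24T10:00:15Z src=10.0.0.5 dst=192.0.2.10 dport=80 host=update.example.net
not a log line
"""

if __name__ == "__main__":
    for h in scan_logs(CONSTRUCTED_LOGS):
        print(f"{h.ts} {h.src} {h.indicator}: {h.line}")
    print(hosts_to_review(scan_logs(CONSTRUCTED_LOGS)))
```

A domain match is treated as the actionable signal; the port-only match is kept separate because plenty of legitimate software uses non-standard ports, and it should be reviewed rather than alerted on directly. A host that fires the domain indicator is a candidate for the Service DLL and MBR checks the entry describes.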
Analysis by Chun Feng
