OTHER MALWARES Part 2

Published by SSTA


- Armageddon trojan: F1/P2
- IRC bot: P1/P2
- Fake codecs, Zlob and variants: P1/P2
KAV only prevents the malware from becoming persistent; it does not block the download of the rogue products.
In a live system, this trojan is difficult for inexperienced users to remove ("rebirth protection method": once killed, it restarts itself).

- Trojan downloader Wimad: P1/P2
This is a .wav file that relies on social engineering: the user is told to download some files in order to listen to it.

- MSN Spammer: P1/P2
- SDBOT AVM: P1/P2
- Backdoor Zapchast: P1/P2
NB: a real-life example of this generic IRC bot/backdoor, described by Mark Russinovich, here.

- WMF trojan downloaders: P1/P2
Since we take the point of view of a normal user, we allowed the network access, and the desktop changed:
But we still consider the test a "Pass" (KAV's ability to block the infection after the reboot).

- Backdoor Nethief.XP.q: P1/P2
Sorry, we do not understand Chinese yet... perhaps we should train ourselves for the next Olympic Games...
- Backdoor UpRootkit: P1/P2

This is an excellent example of an "intruder/hacker tool": the server side bypasses most port mappers (CurrPorts, for instance) and some firewalls.
Its first goal is to give the attacker a shell for a stealthy intrusion (once connected to the server, the attacker can hide objects).
Here we do not focus on the rootkit features; we just install the server-side file as a backdoor/trojan.
Published in KASPERSKY 6 TEST