Published by SSTA

- Armageddon trojan: F1/P2

- IRC bot: P1/P2

- Fake codecs, Zlob and variants: P1/P2

KAV only prevents the malware from becoming permanent; it does not prevent the download of rogue products.

On a live system, this trojan is difficult for inexperienced users to remove ("rebirth protection method": once killed, it restarts itself).

- Trojan downloader Wimad: P1/P2

This is a .wav file that relies on a social engineering attack: the user is told that some files must be downloaded in order to listen to it.

- MSN Spammer: P1/P2


- Backdoor Zapchast: P1/P2

NB. A real-life example of this generic IRC bot/backdoor by Mark Russinovich here.

- WMF trojan downloaders: P1/P2

As we take the point of view of a normal user, we allowed access to the net, and the desktop was changed.

But we consider the test a "Pass" (ability to prevent after the reboot).

- Backdoor Nethief.XP.q: P1/P2

Sorry, we do not understand Chinese yet... perhaps we should train ourselves for the next Olympic Games...

- Backdoor UpRootkit: P1/P2

This is an excellent example of an "intruder/hacker tool": the server side bypasses most port mappers (CurrPorts for instance) and some firewalls.
The primary goal is to give the attacker a shell for a stealthy intrusion (once connected to the server, the attacker can hide objects).
Here we do not focus on the rootkit features; we just install the server-side file as a backdoor/trojan.

Published in KASPERSKY 6 TEST