Published by SSTA

-Backdoor Win32.WinRC: P1/P2

-Trojan Spy Win32 vb.qq : P1/P2

"Dialer" detections are false positives:

We build a server that we call Yahoo Messenger, configured to kill the Windows firewall, Kaspersky Antivirus (avp.exe), etc.

-Trojan Spy Win32.VB.dd: P1/P2

-Trojan Spy HermanAgent: P1/P2

We build a server that we call Columbo.

-Sniffer Door (currently detected by no AV): P1/P2

The malware package includes a client side and a server side (Sniffer Door and Netcat):

The server side only:

This Chinese backdoor should logically be detected by Rising antivirus, shouldn't it?

Unfortunately not!

We use the option "replace service" instead of "create":

-SBdoor (R): F1/F2

This backdoor has the same features as Netcat, and is provided by a company specialized in pen-testing.

The file has been renamed, but is not known to antivirus software.

As a pure backdoor, KAV detects nothing via the PDM, nor via the file antivirus (it is not listed in its malware database).

-TGA backdoor: P1/P2

This backdoor, detected on VirusTotal, is not detected by KAV with an on-demand scan:

We choose the ActiveX installation option:

We choose to name the server process csrss.exe:

-Trojan NuclearPrank.c: P1/P2

-Trojan Spy Delf.fg: P1/P2

-Backdoor Win32.Wollf: P1/P2

As we have allowed the service installation, we need to delete it:

-Backdoor Delf.akl (Niova Backdoor): F1/P2

We build a server that we call zizou:

We have not enabled the start-up option for the server: the malware just tries to connect:

-Trojan DownloaderAgent.bkp: P1/P2

-Trojan generated (we use a specific tool which generates customized trojans): P1/P2

-Trojan DOS QuickFlood.a: P1/P2

-OrKutPishing trojan Spy: P1/P2

The on-demand scan of the server file (malware unknown to Kaspersky Lab):

But although unknown to the database, it is caught by the PDM:

-Trojan/backdoor Win32.Delf.axb: P1/P2

Published in KASPERSKY 6 TEST