OTHER MALWARES Part 12

Published by SSTA

-Backdoor Win32.WinRC: P1/P2

-Trojan Spy Win32.VB.qq: P1/P2

The "Dialer" detections are false positives:

We build a server that we name Yahoo Messenger, configured to kill the Windows Firewall, Kaspersky Anti-Virus (avp.exe), etc.

-Trojan Spy Win32.VB.dd: P1/P2

-Trojan Spy HermanAgent: P1/P2

We build a server that we name Columbo.

-Sniffer Door (currently detected by no AV): P1/P2

The malware package includes both the client and server sides (Sniffer Door and netcat):

The server side only:

This Chinese backdoor should logically be detected by Rising antivirus, shouldn't it?

Unfortunately not!

We use the "replace service" option instead of "create":

-SBdoor (R): F1/F2

This backdoor has the same features as Netcat and is provided by a company specializing in pen-testing.

The file has been renamed, but it is not known to antivirus software.

As it is a pure backdoor, KAV detects nothing via the PDM, nor via the file antivirus (it is not listed in its malware database).

-TGA backdoor: P1/P2

This backdoor, detected on VirusTotal, is not detected by KAV with an on-demand scan:

We choose the ActiveX installation option:

We choose to name the server process csrss.exe:
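Naming the server csrss.exe is meant to blend in with the real Client/Server Runtime Subsystem process. As an added example that is not part of the original post, the following PowerShell lists processes that carry that name but run from a directory other than the Windows system directories; the trusted directories (System32 and SysWOW64 under %SystemRoot%) and the default name list are assumptions of the example, and the genuine csrss.exe, being a protected process, may expose no path at all.

```powershell
# Added example, not code from the original post.
# Lists processes named like core Windows binaries that do not run from a
# trusted system directory. Assumptions: the trusted directories are
# System32 and SysWOW64 under %SystemRoot%; the default name list is csrss.exe.
# Run elevated. The genuine csrss.exe is a protected process and may report
# no ExecutablePath even then; such entries are skipped, not flagged.

function Find-MasqueradingProcess {
    param(
        [string[]]$Name = @('csrss.exe')
    )
    $trusted = @(
        (Join-Path $env:SystemRoot 'System32'),
        (Join-Path $env:SystemRoot 'SysWOW64')
    )
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $Name -contains $_.Name } |
        ForEach-Object {
            $path = $_.ExecutablePath
            if (-not $path) {
                # No readable path: protected system process, nothing to compare.
                return
            }
            $dir = Split-Path -Parent $path
            # -notcontains is case-insensitive, matching Windows path semantics.
            if ($trusted -notcontains $dir) {
                [pscustomobject]@{
                    PID       = $_.ProcessId
                    Name      = $_.Name
                    Path      = $path
                    ParentPID = $_.ParentProcessId
                }
            }
        }
}

# Anything listed here deserves a look: a backdoor server renamed csrss.exe
# shows up with its real on-disk location and its parent process.
Find-MasqueradingProcess | Format-Table -AutoSize
```

Pass `-Name @('csrss.exe','lsass.exe','winlogon.exe')` to widen the check to other commonly borrowed names; the ParentPID column matters because the real csrss.exe is started by smss.exe, not by an installer or a browser.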

-Trojan NuclearPrank.c: P1/P2

-Trojan Spy Delf.fg: P1/P2

-Backdoor Win32.Wollf: P1/P2

As we allowed the service installation, we need to delete the service afterwards:
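As an added example (not the post's own procedure), here is a PowerShell routine that stops and deletes a service left behind by an allowed installation and confirms it is gone; the service name WollfSvc is a hypothetical placeholder, since the post does not give the name the backdoor registered. Printing the service's PathName before deletion is also the quick way to spot a service whose binary was swapped, as with the "replace service" option used for Sniffer Door above.

```powershell
# Added example, not the post's own procedure.
# Stops and deletes a service that a tested backdoor was allowed to install,
# then confirms it is no longer registered. Assumptions: run elevated;
# the service name passed in is whatever the PDM prompt showed at install
# time (WollfSvc below is a hypothetical placeholder).

function Remove-LeftoverService {
    param([Parameter(Mandatory)][string]$ServiceName)

    $svc = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -eq $ServiceName }
    if (-not $svc) {
        Write-Host "Service '$ServiceName' is not registered; nothing to remove."
        return $null
    }

    # Record the binary path before deleting: the file itself is not removed by
    # sc.exe delete, and PathName is also where a swapped service binary shows up.
    Write-Host ("Found {0}: state={1} start={2} path={3}" -f `
        $svc.Name, $svc.State, $svc.StartMode, $svc.PathName)

    if ($svc.State -eq 'Running') {
        Stop-Service -Name $ServiceName -Force -ErrorAction Stop
    }

    # sc.exe delete marks the service for deletion; the entry goes away once
    # no handle (e.g. an open services.msc) is left on it.
    & sc.exe delete $ServiceName | Out-Null

    if (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue) {
        Write-Warning "Service '$ServiceName' is still registered (marked for deletion); close open handles or reboot, then re-check."
    } else {
        Write-Host "Service '$ServiceName' removed."
    }
    return $svc.PathName
}

# Hypothetical service name; replace with the one the backdoor actually registered.
$binary = Remove-LeftoverService -ServiceName 'WollfSvc'
if ($binary) { Write-Host "Service binary to delete by hand: $binary" }
```

Deleting the service entry does not delete the executable it pointed to, which is why the routine returns PathName: remove that file separately once the service is gone, otherwise the next test run starts from a dirty machine.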

-Backdoor Delf.akl (Niova Backdoor): F1/P2

We build a server that we name zizou:

We have not enabled the startup option for the server: the malware just tries to connect:

-Trojan DownloaderAgent.bkp: P1/P2

-Generated Trojan (we use a specific tool that generates customized trojans): P1/P2

-Trojan DoS QuickFlood.a: P1/P2

-OrKutPishing Trojan Spy: P1/P2

The on-demand scan of the server file (the malware is unknown to Kaspersky Lab):

Although it is unknown to the database, it is caught by the PDM:

-Trojan/backdoor Win32.Delf.axb: P1/P2

Published in KASPERSKY 6 TEST