What if your computer boots on its own, logs on to
websites that it wants, downloads harmful stuff like
no one's business, takes commands from someone in
hinterland Russia and send mails to anyone and everyone
like there's no tomorrow? Scary? Well, infection of
a Backdoor Trojan named 'Backdoor.Win32.SdBot.asr'
can lead computers into a situation like that.
Security analysts at MicroWorld
Technologies inform that 'Win32.SdBot.asr' slips
into user computers via Trojan Downloaders or through
manual downloads from the Internet. The Trojan Bot
is a Windows PE DLL file created in 'C' and packed
with WinUpack.
'Win32.SdBot.asr' can execute programs, reboot the
system, open files, open webpages in the default browser
of the host, download files, launch and manage a Proxy
Server on the victim machine, redirect information
sent to local port towards a remote port and send
out system information to the remote attacker. The
backdoor will also log on to specific websites to
update, upgrade and mutate towards better capabilities.
"Backdoor Trojans often come bundled with programs,
games and utilities that pretend to be safe and legitimate
otherwise," says Arti Taru, Assistant Manager
R&D, MicroWorld
Technologies. "Some of the Backdoors are
also distributed via the email route, where a small
piece of code gets into user computer and grows on
to a full fledged malware by logging on to nefarious
websites to upgrade themselves. Threat potential of
a Trojan bot is very high as the attacker almost completely
takes over a user computer and gains the ability to
perform a plethora of illegal activities using the
victim machine."
"Though many of these Backdoor Trojans are detected
by some of the AntiVirus programs, they are not removed
from the Windows registry. Hence when the computer
reboots, this malware finds its way back from nowhere.
That's why our proactive Security solution, eScan,
removes registry entries too so that a resurrection
of this Trojan is ruled out," continues Arti
Taru.
"The advancements in recent Backdoor Trojans
reflect a larger and radical shift in the nature and
purpose of today's malware landscape," observes
Govind Rammurthy, CEO, MicroWorld
Technologies. "Newer threats are getting
extremely focused and insidious in nature where the
attacker works with clinical precision in organizing
and orchestrating a range of online financial crimes.
Right from large enterprises to a single PC home user,
anything and anyone can be targeted and manipulated
while the victim can still remain completely unawares
of it, unless fast- updating and proactive defense
measures are employed in implementing Real-Time security
for information systems."
MicroWorld
MicroWorld (www.mwti.net
) is the developer of the world's first Real-Time
Anti-Virus and Content Security software eScan
for desktops and servers. Its communication security
software,
MailScan is the first comprehensive e-mail
scanner for your SMTP/POP3 Mail Server. MicroWorld
Winsock Layer (MWL) is the revolutionary technology
underlying these products, powering them to several
certifications and awards by some of the most prestigious
testing bodies, notable among them being Virus Bulletin,
Checkmark, TUCOWS, Red Hat Ready, and Novell Ready.
Combining their powerful scanner with MWL technology,
MicroWorld solutions provide a Real-Time Proactive
security for your systems. For network security of
enterprises, eConceal Firewall is the latest powerful
offering from MicroWorld.
To learn more, kindly visit http://www.mwti.net.
