Tuesday, November 27, 2007

Man, This Is Smart! A Windows Infection That Gives Remote Control to The Hacker!

We've seen similar infections in the past, but since this one is pretty new, it might manage to bypass antivirus protection and install itself on your computer. Security company Trend Micro discovered BKDR_DARKMOON.AH, a new backdoor affecting Windows operating systems that attempts to open a port in order to allow the hacker to connect to your computer. Basically, it can open any port it wants and, since there are so many remote control technologies available out there, it can easily allow its creator to control your system.

The backdoor affects most Windows versions, including Windows 98, ME, NT, 2000, XP and Server 2003. More importantly, it combines a high damage potential with a medium distribution potential. Sure, it has a low overall risk rating, but it's still dangerous for our computers since it provides remote access to attackers.

"This backdoor may be dropped by other malware. It opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the remote user executes commands on the affected system", Trend Micro wrote in the advisory.

"Upon execution, this backdoor injects itself into the Internet Explorer process and sets up an obfuscated connection to [website], which currently resolves to [IP], to notify a remote user of the system it has compromised."
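The behaviour quoted above (a backdoor running inside the Internet Explorer process while holding a listening port) can be checked for on a host. The following is an added example, not part of the original post or the Trend Micro advisory: it parses `netstat -ano` and `tasklist /fo csv /nh` output and flags any listening TCP socket owned by `iexplore.exe`. The sample outputs, the PIDs, the addresses and the assumption that a browser never legitimately accepts inbound TCP connections are all constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:31847          0.0.0.0:0              LISTENING       2312
  TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED     2312
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''\
"System","4","Console","0","236 K"
"svchost.exe","884","Console","0","4,112 K"
"iexplore.exe","2312","Console","0","21,540 K"
"jqs.exe","1500","Console","0","1,300 K"
'''

# Assumption: these images act only as network clients and never listen.
CLIENT_ONLY = {"iexplore.exe"}

def pid_names(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}

def parse_tcp(netstat_text):
    """Return (local, remote, state, pid) for every TCP row; skip header/UDP."""
    out = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            out.append((f[1], f[2], f[3], int(f[4])))
    return out

def suspicious_listeners(netstat_text, tasklist_csv):
    """Flag listening sockets owned by client-only images, with the same
    PID's established remote endpoints attached for triage."""
    names, rows, hits = pid_names(tasklist_csv), parse_tcp(netstat_text), []
    for local, _, state, pid in rows:
        image = names.get(pid, "?")
        if state == "LISTENING" and image in CLIENT_ONLY:
            addr, _, port = local.rpartition(":")  # also handles [::]:port
            peers = [r for _, r, s, p in rows if p == pid and s == "ESTABLISHED"]
            hits.append((image, pid, addr, int(port), peers))
    return hits

if __name__ == "__main__":
    for hit in suspicious_listeners(NETSTAT, TASKLIST):
        print("listening socket in client-only process:", hit)
```

A hit is a lead for investigation rather than proof of this specific backdoor; the attached remote endpoints show where the same process is connected at that moment.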

Since the backdoor is pretty new, no infections have been reported. However, you're still advised to keep your antivirus up to date with the latest virus definitions and avoid visiting malicious websites from unknown sources.

Most antivirus developers quickly update their solutions to provide detection and disinfection for reported threats so that you are protected as soon as possible. In case you don't have an antivirus solution installed on your computer, you can get one straight from Softpedia by visiting our Antivirus category.
