Backdoor:W32/Ghost.gen!A
First posted on 23 April 2009.
Source: SecurityHome
Aliases:
Backdoor:W32/Ghost.gen!A is also known as Troj/Bckdr-QMR (Sophos), Infostealer.Gampass (Symantec), Backdoor:WinNT/Farfli (Microsoft).
Explanation:
A remote administration utility which bypasses normal security mechanisms to secretly control a program, computer or network.
Additional Details
Backdoor:W32/Ghost.gen!A is the Generic Detection for the Ghost backdoor program.
Ghost originates from China.
Activity
The Server component of this program has the following settings:
• Port
• Max connections
• DNS/IP
• Connect through Socks5
• Use Proxy
• Username/Password support
• Service name/Descriptor name that appears on the victim's machine
When using Ghost, a remote attacker can execute the following actions on an infected machine:
• Perform various file operations
• Perform screen captures
• Perform keylogging
• Execute a Remote Shell
• Process Manager
• Uninstall the backdoor from the machine
• Webcam view
• Perform Audio captures
• Download/execute files
• Update the server
• Open URLs
Last update 23 April 2009