Backdoor.Klabcon
First posted on 11 June 2014.
Source: Symantec
Aliases :
There are no other names known for Backdoor.Klabcon.
Explanation :
It has been reported that the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158) is being exploited to spread this Trojan.
When the Trojan is executed, it drops the following clean digitally signed file:
%ProgramFiles%\WinSys\NtSmart.exe
It may also drop the following files:
%ProgramFiles%\WinSys\nvsmartmax.dll
%ProgramFiles%\WinSys\Svchost.dll
%System%\MsTel32.dll
The Trojan then opens a back door on the compromised computer, and connects to one or more of the following domains:
anakin.kmdns.net
rookie819.eicp.net
The Trojan steals the following information from the compromised computer and sends it to the remote attacker:
Computer name
Operating system information
Volume information
Last update 11 June 2014