Backdoor.Comdinter


First posted on 05 March 2014.
Source: Symantec

Aliases:

There are no other names known for Backdoor.Comdinter.

Explanation:

When executed, the Trojan creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Run\"SVC_Host" = "[PATH TO THREAT]"

It then attempts to connect to the following URL in order to check network connectivity:
http://www.google.com

The Trojan then opens a back door on the compromised computer and connects to the following location to receive commands:
[http://]37.59.237.106

Last update 05 March 2014

 
