Backdoor.Baccamun
First posted on 26 July 2014.
Source: Symantec
Aliases :
There are no other names known for Backdoor.Baccamun.
Explanation :
The Trojan may be dropped by Trojan.Mdropper or Trojan.Dropper.
Once executed, the Trojan creates the following file:
%Windir%\Tasks\taskmgr.exe
It then creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Java Run Environment 1.1.0023\" = "%Windir%\tasks\taskmgr.exe"
Next, the Trojan connects to the following remote location:
www.telecom.ntdll.net
The Trojan then opens a back door on the compromised computer, allowing an attacker to perform the following actions:
Download files
Execute arbitrary commands
Last update 26 July 2014
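A host check for the three artifacts listed above, added here as an example (it is not Symantec's code). Only the file path, the Run value name and the hostname come from the write-up; the matching logic and variable names are assumptions.

```powershell
# Added example: triage for the Backdoor.Baccamun artifacts in this write-up.
$dropPath  = Join-Path $env:windir 'Tasks\taskmgr.exe'
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
# Prefix match (assumption) so the name hits with or without the trailing "\" as printed.
$runPrefix = 'Java Run Environment 1.1.0023'
$c2Host    = 'www.telecom.ntdll.net'
$psMeta    = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'
$findings  = @()

# 1. Dropped file. The genuine Task Manager lives in System32, not in Tasks.
if (Test-Path -LiteralPath $dropPath) {
    $hash = (Get-FileHash -LiteralPath $dropPath -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{ Check = 'File'; Detail = $dropPath; Extra = $hash }
}

# 2. Run-key persistence. Flag a match on the value name or on data that points
#    at the dropped file, so a renamed value is still caught.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -in $psMeta) { continue }   # provider metadata, not registry values
        $data = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
        $nameHit = $p.Name.StartsWith($runPrefix, [StringComparison]::OrdinalIgnoreCase)
        $dataHit = $data.IndexOf($dropPath, [StringComparison]::OrdinalIgnoreCase) -ge 0
        if ($nameHit -or $dataHit) {
            $findings += [pscustomobject]@{ Check = 'RunKey'; Detail = $p.Name; Extra = $data }
        }
    }
}

# 3. Recent name resolution of the remote location (local resolver cache only).
$dns = Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $_.Entry -eq $c2Host }
foreach ($d in $dns) {
    $findings += [pscustomobject]@{ Check = 'DnsCache'; Detail = $d.Entry; Extra = $d.Data }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No Backdoor.Baccamun indicators found for this user on this host.'
}
```

The Run key is under HKEY_CURRENT_USER, so the check covers only the account that runs it; repeat it per user profile. An empty DNS cache result says nothing about earlier connections, so resolver or proxy logs remain the better source for the hostname.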