Home / malwarePDF  

Backdoor:Win32/Otlard.A


First posted on 12 March 2010.
Source: SecurityHome

Aliases :

Backdoor:Win32/Otlard.A is also known as Win-Trojan/Agent.185344.CU (AhnLab), BackDoor.Gootkit.2 (Dr.Web), Trojan.Win32.Pasmu.hd (Kaspersky), Agent.TFFS (Norman), Mal/Emogen-Y (Sophos), Adware.Purityscan (Symantec), Mal_DLDER (Trend Micro).

Explanation :

Backdoor:Win32/Otlard.A is a trojan that allows limited remote access and control of the computer by a remote attacker. The trojan could be instructed to download and execute arbitrary files.
Top

Backdoor:Win32/Otlard.A is a trojan that allows limited remote access and control of the computer by a remote attacker. The trojan could be instructed to download and execute arbitrary files. InstallationThis trojan may be installed by other malware. When it executes, it creates a mutex named "gootkit" and injects code into the Windows system process "svchost.exe". Payload Captures passwordsBackdoor:Win32/Otlard.A steals stored on the computer that are associated with the following commonly-used applications: Total Commander WSFTP CoffeeCup FTP Far Internet Explorer Opera Firefox CuteFtp Filezilla WinSCP Bulletproof FTP FlashFXP CoreFTP FF FTP Frigate FTP Commander FTP Explorer FtpRush SecureFX SmartFtp UltraFXP Allows limited remote access and controlBackdoor:Win32/Otlard.A attempts to connect to the remote site "v00d00.org" to download remote access configuration data such as downloading and executing arbitrary files. The trojan awaits connection and commands from a remote attacker using TCP port 1315.

Analysis by Vincent Tiu

Last update 12 March 2010

 

TOP

Malware :