RE: So I ....
Ker sefo

> 1) How do you manipulate a backdoor like My.doom once it's in place?

Find the source code of the trojan or a detailed analysis and retrieve the commands that can be used. You know what you're doing, right?

* The "phone home" command. This command is initiated by other W32/Mydoom.O compromised hosts. When the backdoor receives this command, it will send the client an up-to-date list of 128 IP addresses in encrypted form and then add the IP of the client to its logfile. When the client receives the list, it will decode it and add the IPs (if they are new) to its logfile.
* Send logfile. The backdoor will send the complete logfile to the client. This command differs from the "phone home" command as the whole logfile will be sent and the client's IP will not be added to the backdoor's logfile.
* Receive logfile. The backdoor will check the integrity of the logfile and add the IPs to its logfile if they are new.
* Upload and execute a file. The backdoor will download a file to the computer's %temp% directory, execute the file and then delete it.