Backdoor:Win32/Caphaw.A
Revision as of 19:07, 7 February 2015 by Eric.freyssinet (talk | contribs) (Text replacement - " www.microsoft.com" to "")
(Publication) Google search: [1]
| Backdoor:Win32/Caphaw.A | |
|---|---|
| Botnet | Shylock |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | / |
| Editor/Conference | |
| Link | http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fCaphaw.A (Archive copy) |
| Author | |
| Type | |
Abstract
“ Backdoor:Win32/Caphaw.A attempts to communicate using TCP port 443 to certain servers, such as the following:
- web<removed>es.cc
- exte<removed>adv.cc
- no<removed>here.cc
- commonworld<removed>.cc
An attacker can perform any number of different actions on an affected computer infected with this threat, such as:
- Control of the system desktop, which allows the attacker to see the desktop, and to gain control of the mouse and keyboard
- Access to files and folder via a internal FTP server
- Redirect Internet traffic via a proxy server
- Send ICMP packets that can be used in distributed denial-of-service (DDoS) attacks
- Log and redirect web traffic from Mozilla Firefox and Internet Explorer
- Update itself
- Shut down or restart the computer
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permittedBFR1043,
editor = {},
author = {},
title = {Backdoor:Win32/Caphaw.A},
date = {19},
month = Apr,
year = {},
howpublished = {\url{http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fCaphaw.A}},
}