Backdoor:Win32/Caphaw.A
Jump to navigation
Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
(Publication) Google search: [1]
| Backdoor:Win32/Caphaw.A | |
|---|---|
| Botnet | Shylock |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | / |
| Editor/Conference | |
| Link | http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fCaphaw.A (Archive copy) |
| Author | |
| Type | |
Abstract
“ Backdoor:Win32/Caphaw.A attempts to communicate using TCP port 443 to certain servers, such as the following:
- web<removed>es.cc
- exte<removed>adv.cc
- no<removed>here.cc
- commonworld<removed>.cc
An attacker can perform any number of different actions on an affected computer infected with this threat, such as:
- Control of the system desktop, which allows the attacker to see the desktop, and to gain control of the mouse and keyboard
- Access to files and folder via a internal FTP server
- Redirect Internet traffic via a proxy server
- Send ICMP packets that can be used in distributed denial-of-service (DDoS) attacks
- Log and redirect web traffic from Mozilla Firefox and Internet Explorer
- Update itself
- Shut down or restart the computer
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permittedBFR1043,
editor = {},
author = {},
title = {Backdoor:Win32/Caphaw.A},
date = {26},
month = Apr,
year = {},
howpublished = {\url{http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fCaphaw.A}},
}