Backdoor:Win32/Caphaw.A

From Botnets.fr


Botnet: Shylock
Link: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fCaphaw.A

Abstract

Backdoor:Win32/Caphaw.A attempts to communicate using TCP port 443 to certain servers, such as the following:

  • web<removed>es.cc
  • exte<removed>adv.cc
  • no<removed>here.cc
  • commonworld<removed>.cc

An attacker can perform a number of different actions on a computer infected with this threat, such as:

  • Control of the system desktop, which allows the attacker to see the desktop, and to gain control of the mouse and keyboard
  • Access to files and folders via an internal FTP server
  • Redirect Internet traffic via a proxy server
  • Send ICMP packets that can be used in distributed denial-of-service (DDoS) attacks
  • Log and redirect web traffic from Mozilla Firefox and Internet Explorer
  • Update itself
  • Shut down or restart the computer

Bibtex

 @misc{BFR1043,
   editor = {},
   author = {},
   title = {Backdoor:Win32/Caphaw.A},
   date = {28},
   month = Mar,
   year = {},
   howpublished = {\url{http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fCaphaw.A}},
 }