VID 24044
Severity 40
Port 21,5400,5401,5402
Protocol TCP
Class BackDoor
Detailed Description Backdoor Blade Runner is detected.
Blade Runner is an open-source trojan horse program created in Mar. 1999 and written in Delphi 3. The backdoor consists of Client.exe (agent program) and Server.exe (server program). It uses TCP ports 21 (FTP), 5400, 5401 and 5402 by default, and these cannot be changed. If the backdoor is running, you can find a registry key named "System-Tray" under 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'.

With the Blade Runner, a remote attacker can do the following:

- Chat
- File management (browsing, upload/download, make/remove a directory, ...)
- FTP on/off
- Get ICQ Uin
- Get System Information (user, operating system, resolution, processor, ...)
- Get time
- Hide/Show cursor
- Kill server
- Open/Close CD-Rom
- Popup a message
- Run file
- Show picture
- Start on/off
- View/Kill applications

* Platforms Affected:
Microsoft Windows Any version

* References:
http://www.iss.net/security_center/reference/vuln/BladeRunner_TCP_Request.htm
http://www.dark-e.com/archive/trojans/blade/index.shtml
Recommendation Remove it from your computer.

1. Remove the 'System-Tray' key located in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ by using regedit or any other registry editing program.
2. Reboot the computer or close the trojan Server.exe.
3. Delete the trojan file Server.exe that was running from the System-Tray key.

-- OR --

Remove it from your computer by using a vaccine program (anti-virus program).
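Before removing anything, the two indicators above (the 'System-Tray' Run entry and listeners on the fixed ports) can be checked together on a suspect host. The following read-only PowerShell triage script is an added example, not part of the original advisory; the variable names are illustrative. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated session so that process paths can be read.

```powershell
# Added triage example (not from the original advisory). Read-only: it reports, it changes nothing.
$RunKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$ValueName = 'System-Tray'           # autostart entry named in the advisory
$Ports     = 21, 5400, 5401, 5402    # fixed default ports named in the advisory

# 1. Autostart indicator: read the 'System-Tray' entry under the Run key, if present.
$command  = $null
$runProps = Get-ItemProperty -Path $RunKey -ErrorAction SilentlyContinue
if ($runProps -and ($runProps.PSObject.Properties.Name -contains $ValueName)) {
    $command = [string]$runProps.$ValueName
}

# Extract the executable path from the command line (quoted, or unquoted ending in .exe).
$exePath = $null
if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(.+?\.exe)') {
    $exePath = [Environment]::ExpandEnvironmentVariables($Matches[1])
}

# 2. Network indicator: listeners on the advisory's ports, resolved to the owning process.
$listeners = Get-NetTCPConnection -State Listen -LocalPort $Ports -ErrorAction SilentlyContinue |
    Sort-Object LocalPort, OwningProcess -Unique
$findings = foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Port       = $l.LocalPort
        ProcessId  = $l.OwningProcess
        Process    = $proc.ProcessName
        Path       = $proc.Path
        # True when the listening binary is the one the Run entry starts.
        MatchesRun = [bool]($exePath -and $proc.Path -and ($proc.Path -ieq $exePath))
    }
}

# Port 21 alone is usually an ordinary FTP service, so 5400-5402 are counted separately.
$on540x = @($findings | Where-Object { $_.Port -ne 21 })

# 3. Summary for the analyst.
[pscustomobject]@{
    RunEntryPresent   = [bool]$command
    RunCommand        = $command
    ExecutableOnDisk  = [bool]($exePath -and (Test-Path -LiteralPath $exePath))
    ListenersOn540x   = $on540x.Count
    ListenerIsRunFile = [bool]($findings | Where-Object { $_.MatchesRun })
} | Format-List
$findings | Format-Table -AutoSize
```

A Run entry whose executable also owns a listener on 5400-5402 matches the description above; record the reported path before following the removal steps so the correct file is deleted in step 3.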