| Field | Value |
|---|---|
| VID | 24046 |
| Severity | 40 |
| Port | 60411 |
| Protocol | TCP |
| Class | BackDoor |
| Detailed Description |
The Connection backdoor was detected. Connection is a simple but lethal trojan horse program, created in May 2000 and written in Brazil. It has been distributed as versions 1.0, 1.1, 1.2 and 1.3. The backdoor consists of connection.exe (client program), winoldap.exe (NormalServer program) and winoldap.exe (VirusServer program). The VirusServer acts as a virus by attaching itself to other .exe files. It uses TCP port 60411 as its default port, which cannot be changed. Versions 1.2 and 1.3 require mswinsck.ocx and msvbvm50.dll to run. If this backdoor is running, the registry contains an entry named "Winrun" with the data value C:\win\system\winrun.exe, located at 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'.
With the Connection backdoor, a remote attacker can do the following:
- View the contents of the file system
- Get cached passwords

* Platforms Affected: Microsoft Windows, any version
* References:
  - http://www.iss.net/security_center/static/4848.php
  - http://www.megasecurity.org/trojans/connection/
  - http://www.tlsecurity.net/backdoor/connection.htm |
| Recommendation |
Remove it from your computer:
1. Remove the "Winrun" key in the registry located at 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' by using regedit or any other registry editing program.
2. If the file C:\win\system\winrun.exe exists, delete it.
3. Reboot the computer.

-- OR --

Remove it from your computer by using a vaccine (anti-virus) program. |
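A read-only check for the indicators this record lists (the "Winrun" Run entry, the winrun.exe file, and a listener on TCP 60411), added here as an example and not part of the original record. The function name `Test-ConnectionBackdoor` is hypothetical, and `Get-NetTCPConnection` is assumed to be available (Windows 8 / Server 2012 or later). Both registry hives are inspected because the description names HKEY_LOCAL_MACHINE while the removal steps name HKEY_CURRENT_USER.

```powershell
# Added example: reports the indicators from this record; it changes nothing.
# Test-ConnectionBackdoor is a hypothetical name, not from the record.
function Test-ConnectionBackdoor {
    [CmdletBinding()]
    param(
        [string]$ValueName = 'Winrun',                   # Run entry named in the record
        [string]$FilePath  = 'C:\win\system\winrun.exe', # file path given in the record
        [int]$Port         = 60411                       # fixed TCP port from the record
    )
    $findings = @()

    # The description names HKLM and the removal steps name HKCU: check both.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $runKey = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        $props  = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
        if ($props -and ($props.PSObject.Properties.Name -contains $ValueName)) {
            $findings += [pscustomobject]@{
                Indicator = 'Run entry'
                Location  = $runKey
                Detail    = [string]$props.$ValueName
            }
        }
    }

    # File on disk at the recorded path (-Force so hidden files are included).
    if (Test-Path -LiteralPath $FilePath -PathType Leaf) {
        $file = Get-Item -LiteralPath $FilePath -Force
        $findings += [pscustomobject]@{
            Indicator = 'File'
            Location  = $FilePath
            Detail    = "$($file.Length) bytes, modified $($file.LastWriteTime)"
        }
    }

    # Any process listening on the backdoor's fixed port.
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        $findings += [pscustomobject]@{
            Indicator = 'TCP listener'
            Location  = "$($l.LocalAddress):$Port"
            Detail    = "PID $($l.OwningProcess) $($proc.ProcessName)"
        }
    }
    $findings   # an empty result means none of the listed indicators were found
}

Test-ConnectionBackdoor | Format-Table -AutoSize
```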