| VID |
24050 |
| Severity |
40 |
| Port |
10085,10086 |
| Protocol |
TCP |
| Class |
BackDoor |
| Detailed Description |
The Syphillis backdoor has been detected. Syphillis is a trojan horse program created in November 1999 and written in Delphi 4. It consists of Syphillis.exe (the client program) and shell32.exe (the server program). It uses TCP port 10085 (or 10086) as its default port, which cannot be changed. packet32.dll is required for the trojan to run. It has the features of an ICQ trojan plus new ones such as a packet sniffer and the ability to send UDP messages. If this backdoor is running, the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' contains a value named "Win32 Shell" whose data is Shell32.exe.
With the Syphillis backdoor, a remote attacker can do the following:
- File management
- Get system information (CPU, network, OS, memory, ...)
- Log off / shut down
- Configure/remove server
- Get cached passwords
- Set Internet start page
- Key logger
- Packet sniffer
- Registry editor
- Telnet server
- UDP listen/send
- View connections / Internet history / processes / running applications / shares
- Show/hide desktop icons / Start button / taskbar
- Download FTP or HTTP file
- Execute file
- Get ICQ information
- Change ICQ state
- Add contact (ICQ)
* Platforms Affected: Microsoft Windows (any version)
* References:
  - http://www.iss.net/security_center/static/4814.php
  - http://www.dark-e.com/archive/trojans/syphillis/118/index.shtml
  - http://www.glocksoft.com/trojan_list/Syphillis.htm |
| Recommendation |
Remove it from your computer:
1. Remove the "Win32 Shell" value from the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run using regedit or any other registry editor.
2. Reboot the computer or terminate Shell32.exe.
3. Delete the trojan file Shell32.exe from the Windows system directory. Shell32.log in the same directory keeps a log of which other computers logged on and when.
-- OR --
Remove it from your computer using an anti-virus (vaccine) program. |
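A read-only check for the indicators named in this entry (the Run value, the dropped files, the fixed ports and the server process), added here as an example and not part of the original signature entry. It assumes a Windows host with the NetTCPIP module (Get-NetTCPConnection) and takes the paths, names and ports from the description above.

```powershell
# Added example: collect Syphillis indicators without modifying anything.
function Find-SyphillisIndicators {
    $findings = @()

    # 1. Persistence: value "Win32 Shell" under the HKLM Run key (data Shell32.exe).
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['Win32 Shell']) {
        $findings += "Run value 'Win32 Shell' = $($run.'Win32 Shell')"
    }

    # 2. Dropped files in the system directory. The legitimate shell32.dll also
    #    lives here; only the .exe (server) and .log (connection log) are indicators.
    $sysDir = [Environment]::SystemDirectory
    foreach ($name in 'Shell32.exe', 'Shell32.log') {
        $path = Join-Path $sysDir $name
        if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
    }

    # 3. Network: the default ports cannot be changed, so a listener on
    #    10085/10086 is a strong signal. Record the owning process for triage.
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 10085, 10086 } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            $findings += "TCP $($_.LocalPort) listening, PID $($_.OwningProcess) ($($proc.ProcessName))"
        }

    # 4. Server component running as a process named Shell32.
    Get-Process -Name Shell32 -ErrorAction SilentlyContinue | ForEach-Object {
        $findings += "Process Shell32 running, PID $($_.Id), path $($_.Path)"
    }

    return $findings
}

$results = Find-SyphillisIndicators
if ($results) {
    $results | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No Syphillis indicators found.'
}
```

Run it from an elevated prompt so the Run key, process paths and socket owners are all readable; a hit on the port check alone should be confirmed against the owning process before acting on it.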