Backdoor:Win32/Ryknos.A is a backdoor Trojan that targets computers running certain versions of Microsoft Windows. The Trojan opens a backdoor on the infected computer to receive commands from attackers. If the rootkit VirTool:WinNT/F4IRootkit is already installed on the target computer, the Trojan uses the rootkit to hide.

Backdoor:Win32/Ryknos.B is a backdoor Trojan that targets computers running certain versions of Microsoft Windows. The Trojan opens a backdoor on the infected computer to receive commands from attackers. If the rootkit VirTool:WinNT/F4IRootkit is already installed on the target computer, the Trojan uses the rootkit to hide.

Backdoor:Win32/Kyzbot.A is a trojan that allows an attacker to control your computer remotely via an Internet Relay Chat (IRC) channel.

Backdoor:Win32/Ginwui.B is a Trojan dropper that installs a backdoor and rootkit on impacted systems. 

 

Backdoor:Win32/Ginwui.B was initially discovered being dropped and executed by Exploit:Win32/Wordjmp, an exploit targeting Microsoft Word 2002 and 2003. For details regarding Exploit:Win32/Wordjmp, see:

http://www.microsoft.com/security/encyclopedia/details.aspx?Name=Exploit:Win32/Wordjmp

 

Details and mitigation techniques for the exploit are described in Microsoft Security Advisory 919637, which can be viewed at: http://www.microsoft.com/technet/security/advisory/919637.mspx 

Backdoor:Win32/IRCbot.R is a backdoor Trojan that listens via pre-defined IRC channels, responding to commands from remote attackers. Backdoor:Win32/IRCbot.R registers itself as a service using the name "Windows Genuine Validation Notification", presumably in an attempt to masquerade as a legitimate Microsoft Windows component. Backdoor:Win32/IRCbot.R lowers security settings on the infected computer, possibly leaving the system vulnerable to further compromise.

Update: This threat has been renamed [URL]Backdoor:Win32/Mocbot.A.

 

Backdoor:Win32/Graweg.A is an IRC Trojan that connects to an IRC channel and awaits commands from remote attackers. When instructed, Backdoor:Win32/Graweg.A begins searching the local network for systems which have not yet applied the Microsoft Windows Server Service security patch described in Microsoft Security Bulletin MS06-040. The Trojan also includes the ability to send messages via AOL Instant Messenger (AIM) and ICQ. The exploit code used by Backdoor:Win32/Graweg.A is only effective against un-patched systems running Windows 2000. However, the Trojan can still infect patched versions of Windows 2000 and other Windows operating systems by means other than exploit. For example, Backdoor:Win32/Graweg.A could be distributed as an e-mail attachment, or a link to the Trojan could be sent to e-mail or AIM recipients.

 

Backdoor:Win32/Graweg.A may lower security settings on infected systems and allows the system to be used for nefarious purposes, such as launching a Denial of Service (DoS) attack against others. Backdoor:Win32/Graweg.A includes the ability to download other files, thus the Trojan could update its functionality or download additional malicious software to infected systems.

 

Backdoor:Win32/Graweg.A has been assigned CME ID 482 and will be detected by Microsoft as

Update: This threat has been renamed Backdoor:Win32/Mocbot.A.

 

Backdoor:Win32/Graweg.B is an IRC Trojan that connects to an IRC channel and awaits commands from remote attackers. When instructed, Backdoor:Win32/Graweg.B begins searching the local network for systems which have not yet applied the Microsoft Windows Server Service security patch described in Microsoft Security Bulletin MS06-040. The Trojan also includes the ability to send messages via AOL Instant Messenger (AIM) and ICQ. The exploit code used by Backdoor:Win32/Graweg.B is only effective against un-patched systems running Windows 2000. However, the Trojan can still infect patched versions of Windows 2000 and other Windows operating systems by means other than exploit. For example, Backdoor:Win32/Graweg.B could be distributed as an e-mail attachment, or a link to the Trojan could be sent to e-mail or AIM recipients.

 

Backdoor:Win32/Graweg.B may lower security settings on infected systems and allows the system to be used for nefarious purposes, such as launching a Denial of Service (DoS) attack against others. Backdoor:Win32/Graweg.B includes the ability to download other files, thus the Trojan could update its functionality or download additional malicious software to infected systems.

 

Backdoor:Win32/Graweg.B has been assigned CME ID 762 and will be detected by Microsoft as

Backdoor:Win32/Tuesoy.A is a backdoor Trojan that may be dropped by TrojanDropper:Win32/Tuesoy.A.

 

TrojanDropper:Win32/Tuesoy.A exploits the vulnerability described in Microsoft Security Bulletin MS06-047.

Backdoor:Win32/Mocbot.A is an IRC trojan that connects to an IRC channel and awaits commands  from remote attackers. When instructed, Backdoor:Win32/Mocbot.A begins searching the local network for systems which have not yet applied the Microsoft Windows Server service security patch described in Microsoft Security Bulletin MS06-040. The trojan also includes the ability to send messages via AOL Instant Messenger (AIM) and ICQ.

 

The exploit code used by Backdoor:Win32/Mocbot.A is only effective against un-patched systems. The trojan can still infect patched versions of Windows by means other than exploit. For example,  Backdoor:Win32/Mocbot.A could be distributed as an e-mail attachment, or a link to the trojan could be sent to e-mail or AIM recipients.

 

Backdoor:Win32/Mocbot.A may lower security settings on infected systems and allows the system to be used for nefarious purposes, such as launching a denial of service (DoS) attack against others. Backdoor:Win32/Mocbot.A includes the ability to download other files, thus the trojan could update its functionality or download additional malicious software to infected systems.

 

Backdoor:Win32/Mocbot.A has been assigned CME ID 482 and will be detected by Microsoft as Backdoor:Win32/Mocbot.A!CME-482.

Update: This threat was originally detected as Backdoor:Win32/Graweg.B.

 

Backdoor:Win32/Mocbot.B is an IRC Trojan that connects to an IRC channel and awaits commands from remote attackers. When instructed, Backdoor:Win32/Mocbot.B begins searching the local network for systems which have not yet applied the Microsoft Windows Server Service security patch described in Microsoft Security Bulletin MS06-040. The Trojan also includes the ability to send messages via AOL Instant Messenger (AIM) and ICQ. The exploit code used by Backdoor:Win32/Mocbot.B is only effective against un-patched systems running Windows 2000. However, the Trojan can still infect patched versions of Windows 2000 and other Windows operating systems by means other than exploit. For example, Backdoor:Win32/Mocbot.B could be distributed as an e-mail attachment, or a link to the Trojan could be sent to e-mail or AIM recipients.

 

Backdoor:Win32/Mocbot.B may lower security settings on infected systems and allows the system to be used for nefarious purposes, such as launching a Denial of Service (DoS) attack against others. Backdoor:Win32/Mocbot.B includes the ability to download other files, thus the Trojan could update its functionality or download additional malicious software to infected systems.

 

Backdoor:Win32/Mocbot.B has been assigned CME ID 762 and will be detected by Microsoft as