Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


More-and-more Backdoor.LV Samples Uncovered, Reports FireEye

A report that FireEye the U.S-located network security company has just released states that Backdoor.LV a new malicious program, which operating through port 80, utilizes custom protocol for sending and receiving messages from its central C&C (Command and Control) server, is constantly proliferating ever-since May this year (2012).

The company also notes that Backdoor.LV finds out the NetBIOS name, locale, end-user, date as also the Windows OS type of its host machine followed with informing all those details to its central C&C server. Alongside, it as well relays its existing version form to the same command and control.

Incidentally, the researchers at FireEye intercepted a stream viz. Transmission Control Protocol (TCP) that links the malware to its command and control, and which helps in figuring out Backdoor.LV's activity. Moreover, FireEye outlines 3 more fields, one, which is certain 'no' string, and the rest scripted within base64.

Furthermore, as the researchers cracked the scripting of one base64 parameter they obtained certain Arabic-lettered string, which in English means "mining the personal." Subsequently they found the other parameter of base64 as informing about a contaminated PC's window to the command and control server. Finally, the string called 'no' had an interesting function within Backdoor.LV, the researchers uncovered.

Curiously, FireEye says that nearly every one of the samples seen was coded with .Net. Further, examining the code for the string known as 'no' in detail, revealed the type of the latter, while reversing it revealed certain function namely inf() that helped craft the message for the remote server. And in case of a web-cam fitted on the hijacked computer, the malware transmitted a "Yes" else "No" to the server, the researchers emphasize.

Finally, though the Backdoor.LV gathers vital data related to the end-user as also his computer, which has been compromised, yet it astonishingly creates one dialog box after it is executed which directs the end-user for activating one give executable known as "Trojan.exe." Finding such a filename that's obviously malicious, one can but conjecture if this malicious program got created for people not speaking the English language, finishes off the security company FireEye.

Related article: More Of Sophisticated Spam This Year

ยป SPAMfighter News - 9/13/2012

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page