|
It is same with BackOrifice.Trojan.
If it is run on a PC using TCP
or UDP networking under Windows 9x or Windows NT, a remote
user with the appropriate client software will be able to
gain unauthorised access to the machine. The remote user will
be able to read, write, delete and transfer files to and from
the affected machine. If they use a plugin supplied with Back
Orifice 2000 they will be able to see what is on the screen
of the affected machine and also take control of the mouse
and keyboard. The affected machine can also be configured
to be an HTTP file server allowing anyone with a web browser
to transfer files to and from it.
If it is configured to remain
active after the computer is rebooted it will add a key containing
the name of the infected file to the registry under:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
The trojan exist in two versions,
US and International. The only difference is that the US version
includes the use of strong encryption on the information transferred
between the affected machine and the remote client.
|
