Security researchers say they have found a new Trojan horse tool for hackers, called BackDoor-G.
The Trojan horse arrives in a user’s e-mail posing as a screen saver or game update file attachment. Upon execution, the program creates a security hole through which a hacker can add, delete, move or execute files on the victim’s computer at will from anywhere on the Internet.
BackDoor-G is being sent out in spam mail. Updated versions of virus-scanning software will detect the Trojan horse and allow users to delete it before it makes their system vulnerable to hackers.
The Trojan horse is similar to Back Orifice, a hacking tool that was released last year by a group calling itself the Cult of the Dead Cow.
BackDoor-G installs three files in the Windows and Windows/System directories of the victim’s hard drive. First, BackDoor-G.ldr is placed in the Windows folder, where it loads the main Trojan server, BackDoor-G.srv, which is also in the Windows folder.
Network Associates says BackDoor-G.srv contains copies of Watching.dll or Lmdrk_33.dll. The DLL is copied into the WINDOWS/SYSTEM folder, where it is used by the Trojan server to monitor the Internet for connections from the client software. This file can be identified as BackDoor-G.dll. A configuration program called BackDoor-G.cfg is also dropped on the victim’s machine.
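For an administrator who wants to check a machine or a mounted disk image for the DLL names given above, the following is an added example, not code from Network Associates or from the original report. It assumes the drive root is passed as a path, matches only the two DLL file names the article gives (Watching.dll and Lmdrk_33.dll), and uses hypothetical function names.

```python
import hashlib
import os

# On-disk DLL names given in the article; compared case-insensitively
# because Windows file names are not case-sensitive.
DLL_NAMES = {"watching.dll", "lmdrk_33.dll"}


def _child_dir(parent, name):
    """Return the subdirectory of `parent` matching `name` ignoring case, or None."""
    try:
        entries = os.listdir(parent)
    except OSError:
        return None
    for entry in entries:
        full = os.path.join(parent, entry)
        if entry.lower() == name and os.path.isdir(full):
            return full
    return None


def _sha256(path):
    """Hash the file in chunks so a large file does not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(drive_root):
    """Check <root>/Windows and <root>/Windows/System for the named DLLs.

    Returns (path, size, sha256) tuples. A name match is a lead to confirm
    with an updated virus scanner, not proof of infection.
    """
    hits = []
    windows = _child_dir(drive_root, "windows")
    if windows is None:
        return hits
    for folder in (windows, _child_dir(windows, "system")):
        if folder is None:
            continue
        for entry in sorted(os.listdir(folder)):
            full = os.path.join(folder, entry)
            if entry.lower() in DLL_NAMES and os.path.isfile(full):
                hits.append((full, os.path.getsize(full), _sha256(full)))
    return hits
```

Calling `sweep("C:\\")` on the machine itself, or `sweep("/mnt/image")` on a mounted copy of its disk, returns one tuple per matching file; the size and hash can be recorded before the file is deleted.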
Further details are included in ZDNN’s story at http://www.zdnn.com.