The Web    Google
6/28: Backdoor-CCL Running Wild

6/28: Backdoor-CCL Running Wild
June 28, 2004

Backdoor-CCL is a Trojan that when executed, the file runs silently, no GUI message boxes appear. It immediately removes itself from the current location from where it is being run from and moves itself to the %windows\%system directory.

To launch itself at system start it creates a registry key under:

  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • with Value : winhostcfg.exe
  • with Data : C:\WINNT\winhostcfg.exe

    It connects to IP, with destination port 8000 and source port 1425.

    More information is at McAfee page.

  • 2/17: Rbot-WB Worm Has Trojan Functions
  • 3/30: PWSteal.Reanet-c Steals Bank Info
  • 5/19: Webloin Trojan Downloads DLL File
  • 6/10: Agobot-JT Allows Unauthorized Access
  • 11/16: Agobot-NX an IRC Trojan & Worm
  • 4/8: Mytob-AB Worm Comes as Attachment
  • 4/4: VBS.Kuullio Worm Sends Emails
  • 6/28: Backdoor-CCL Running Wild
  • Meta Group Slams Wireless LAN Suppliers on Security
  • Sigaba Extends Email Security To Wireless LANs, Blackberry
  • 3/8: Tibick-C a P2P Worm
  • Discussion on Security Camera