6/28: Backdoor-CCL Running Wild
June 28, 2004

Backdoor-CCL is a Trojan that runs silently when executed: no GUI message boxes appear. It immediately removes itself from the location it was run from and moves itself to the %windows\%system directory.

To launch itself at system start, it creates a registry key under:

  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • with Value: winhostcfg.exe
  • with Data: C:\WINNT\winhostcfg.exe

It connects to IP, with destination port 8000 and source port 1425.

More information is available on the McAfee page.
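A defender-side check for the indicators described above, as an added example that is not part of the original advisory: it scans `reg query` output for the Run key for the winhostcfg.exe entry, and `netstat -ano` output for TCP connections to remote port 8000. The function names, the sample registry and netstat text, and the 10.0.0.x and 192.0.2.x addresses are constructed for illustration.

```python
import re

IOC_NAME = "winhostcfg.exe"  # Run value name and file name given in the advisory
IOC_PORT = 8000              # destination port given in the advisory

# `reg query` value line: 4 spaces, name, 4 spaces, type, 4 spaces, data
REG_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")
# The file name as a whole path component, optionally quoted or followed by arguments
EXE = re.compile(r'(?:^|[\\/"\s])' + re.escape(IOC_NAME) + r'(?=$|["\s])', re.I)
# `netstat -ano` TCP line: local addr:port, remote addr:port, state, PID
TCP_LINE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+(\S+):(\d+)\s+\S+\s+(\d+)\s*$")

def suspicious_run_entries(reg_output):
    """Return (name, data) for Run values whose name or target matches the advisory."""
    hits = []
    for line in reg_output.splitlines():
        m = REG_LINE.match(line)
        if m and (m.group(1).lower() == IOC_NAME or EXE.search(m.group(3))):
            hits.append((m.group(1), m.group(3)))
    return hits

def connections_to_port(netstat_output, port=IOC_PORT):
    """Return (local_port, remote_addr, pid) for TCP connections to the remote port."""
    hits = []
    for line in netstat_output.splitlines():
        m = TCP_LINE.match(line)
        if m and int(m.group(3)) == port:
            hits.append((int(m.group(1)), m.group(2), int(m.group(4))))
    return hits

# Constructed sample input (not captured from a real host); addresses are placeholders.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Synchronization Manager    REG_SZ    mobsync.exe /logon
    winhostcfg.exe    REG_SZ    C:\WINNT\winhostcfg.exe
"""
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    10.0.0.5:1425          192.0.2.10:8000        ESTABLISHED     1234
  TCP    10.0.0.5:1430          192.0.2.20:80          ESTABLISHED     1500
"""

if __name__ == "__main__":
    for name, data in suspicious_run_entries(SAMPLE_REG):
        print(f"Run entry matches advisory: {name} -> {data}")
    for lport, raddr, pid in connections_to_port(SAMPLE_NETSTAT):
        print(f"TCP {lport} -> {raddr}:{IOC_PORT} owned by PID {pid}")
```

A connection to port 8000 is a weak signal on its own, since many legitimate services use that port; treat it as meaningful when the owning PID maps to the executable named in a matching Run entry.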
