The Web    Google
9/9: BackDoor-CEB.C Remote Access Trojan

9/9: BackDoor-CEB.C Remote Access Trojan
September 9, 2004

BackDoor-CEB.c is a remote access trojan that is downloaded by W32/Mydoom.u@MM. It bears the following characteristics:

  • stealths its activity on the victim machine
  • serves as a HTTP proxy
  • serves as an SMTP relay
  • attempts to connect to numerous remote IRC servers (for remote reporting/command)
  • appends the local hosts file (in an attempt to disable updating of many AV products)

    The trojan attempts to connect to a remote IRC server to await command. It carries a list of IP addresses and relevant ports for certain servers. View them and other information at McAfee page.

  • Plenty of IM Security Holes Left to Plug
  • Sasser Worm Spreading Rapidly
  • 12/6: Atak-B a Mass-Mailing Worm
  • 5/11: Ifbo-A Worm Exploits LSASS Flaw
  • 9/9: Trojan.Riler Installs Itself As LSP
  • 5/17: Flush-D Trojan Modifies DNS Server
  • 3/16: Trojan.Alpiok Modifies Hosts File
  • Disaster Recovery Vs. Business Continuity
  • 7/21: Lovgate-V Worm Provides Remote Access
  • 10/12: Forbot-BD Runs in Background
  • DOJ Scores First Criminal P2P Convictions
  • Discussion on Security Camera