
| Aliases | | | |
|---|---|---|---|
| Typical Symptoms | | | |
| Discovered | [Korea] 0000-00-00 [Foreign] 0000-00-00 | | |
| Type | Backdoor | ActiveField | Win32 |
| Destroy/Distribution | | | |
| Origin | others | Encryption | NO |
| Location | Macro | Memory residence | NO |
| Scan engine needed | 2011-8-25 [Able to detect & repair] | | |

A. Route of Infection

Backdoor.ASP.S.Ace.92570 does not spread by itself; it is downloaded from a hacked site or by other malicious code such as spyware/adware, droppers, etc.

B. Symptom of Infection

1) It is an ASP file, so it cannot be executed like a normal file, nor through the web either.

2) Once it is executed, a password request window appears, and it runs after the password is entered.

[PIC 1] Password request page

3) The code is one of the web shells, so it pops up the following window and shows ASP server information. It can also download files or folders, and copy, delete, and move them by itself.

[PIC 2] ASP server's file contents

4) The code has an iframe function, so it can access wherever it wants by inserting code.

[PIC 3] Iframe insertion

5) It can check the ASP server's system version and information.

[PIC 4] ASP server's information

[How to repair]