| | site-map | e-mail

User:

Guest

Name: Password:

www.center.hu / Archive / Security news / july, 2005 / Win32.Emtee.A (CA.com) 

Win32.Emtee.A (CA.com)

Win32.Emtee.A (CA.com)

Description Published: 2005. június 30.
Description Modified: 2005. július 1.

Type: Trojan
Category: Win32
Also known as BackDoor-CPX (McAfee), Backdoor.Win32.Agent.km (Kaspersky)

 

Description

Win32.Emtee is a multi-purpose compromise utility with features including manipulating security settings, extracting sensitive information, downloading files from remote locations, executing arbitrary programs, and accepting remote commands, etc.

Emtee.A has been distributed as 40,960-byte, UPX–packed, Win32 console application and was discovered on compromised systems as a part of an attack

Emtee accepts a number of command line options and arguments.

Supported features include:

* Process termination;
* Process starting;
* System shutdown;
* System re-boot;
* Backdoor server installation;
* System log reset;
* Service installation;
* Service stopping and removal;
* Account creation;
* Account removal;
* TCP connection stopping;
* Port redirection;
* File download (via HTTP and FTP);
* File execution.

One of the supported options triggers the removal of the Win32/Dfcsvc worm (aka Win32/Anig). Please see elsewhere in our encyclopedia for information on this worm.

 

More information on CA Virus Information Center: 
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43278

Computer Associates – the Trusted Source of Security Knowledge

 

2005-07-02 17:38

Back