|VIRUS NAME : BackDoor-OG
There are many variants of this remote access trojan. This is due to a configuration tool that is used by an attacker to modify the actions of this trojan. As such, the description shown here is only a guide for the types of actions BackDoor-OG takes.
This IRC bot trojan arrives as an executable file. When run, the trojan may get copied to the WINDOWS SYSTEM directory. A registry key is created to load the trojan at startup. Such as:
Once running, the trojan connects to an Internet Relay Chat server and joins a specified channel. At this point an attacker can send private messages to the bot, which contain instructions to initiate a Denial Of Service attack against another machine on the Internet.
- Port 6667 being unrepentantly accessed..
Method Of Infection
When this trojan is run, it installs itself to load each time Windows starts.