Bandook

Bandook RAT is a backdoor Trojan horse that infects Windows NT family systems (Windows 2000, XP, 2003, Vista, 7). It uses a server creator, a client and a server to take control of the remote computer. It uses process hijacking / kernel patching to bypass the firewall and allow the server component to hijack processes and gain rights for accessing the internet.

In other words:

Bandook RAT is a remote access trojan, or Trojan, that enables remote access to another computer. The client contains features that can be used maliciously, most notably a file manager, screen capture utility, keystroke logger, and process manager.

The server component (28,200 bytes) is dropped under the Windows, System32, Program Files or Applications folders; the default file name is ali.exe. Once the server component runs, it establishes a connection to the attacking client, which listens for incoming connections on a configurable port, allowing the attacker to execute arbitrary code from his computer.
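The article gives two host-based indicators a defender can act on: the default server file name (ali.exe) and the folders it is dropped under, together with the fact that it registers a startup entry. The following is an added triage example, not code from the article or from the malware's tooling: it takes autorun (Run-key style) command lines, extracts the image path (handling quoted paths, unquoted paths with spaces and %VAR% expansion), and flags entries whose executable matches the default name inside one of the named drop folders. The sample entries are constructed; the reading of "Applications" as a Program Files subfolder and the fixed environment-variable table are assumptions made so the example runs on any OS.

```python
import ntpath
import re
from typing import List, Tuple

# Indicators taken from the article: default server file name and the folders it
# is dropped under. Both are configurable in the server editor, so a different
# name or folder does not mean "clean"; this only catches the defaults.
DEFAULT_SERVER_NAME = "ali.exe"
DROP_FOLDERS = (
    r"c:\windows",
    r"c:\windows\system32",
    r"c:\program files",
    r"c:\program files\applications",  # assumption: "Applications" read as a Program Files subfolder
)

# Constructed sample of autorun entries: (registry value name, command line).
SAMPLE_RUN_ENTRIES = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Windows Update Helper", r'"C:\Windows\System32\ali.exe"'),
    ("svchost", r"%ProgramFiles%\Applications\ali.exe -s"),
    ("Adobe", r"C:\Program Files\Adobe\update.exe"),
]

# Fixed expansion table so the example is OS-independent (assumption); on a
# real Windows host os.path.expandvars() would be used instead.
_ENV = {
    "programfiles": r"C:\Program Files",
    "systemroot": r"C:\Windows",
    "windir": r"C:\Windows",
}


def image_path(command_line: str) -> str:
    """Return the executable path from an autorun command line.

    Handles: a quoted path followed by arguments, an unquoted path (even one
    containing spaces) followed by arguments, and %VAR% expansion.
    """
    cmd = command_line.strip()
    if cmd.startswith('"'):
        exe = cmd[1:cmd.index('"', 1)]
    else:
        m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
        exe = m.group(1) if m else cmd.split()[0]
    return re.sub(r"%([^%]+)%", lambda m: _ENV.get(m.group(1).lower(), m.group(0)), exe)


def is_default_drop(path: str) -> bool:
    """True when the file name and parent folder match the article's defaults."""
    folder, name = ntpath.split(path)
    return name.lower() == DEFAULT_SERVER_NAME and folder.lower().rstrip("\\") in DROP_FOLDERS


def triage(entries: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return (value name, resolved image path) for every entry that matches."""
    hits = []
    for value_name, cmd in entries:
        path = image_path(cmd)
        if is_default_drop(path):
            hits.append((value_name, path))
    return hits


if __name__ == "__main__":
    for value_name, path in triage(SAMPLE_RUN_ENTRIES):
        print(f"suspicious autorun entry {value_name!r} -> {path}")
```

On a live host the entries would come from the HKLM and HKCU Run keys (and, since the article says the startup entry may instead be an ActiveX key, from the Active Setup components as well); because name and folder are operator-configurable, a match is evidence, and a miss is not clearance.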

The server editor component has the following capabilities:
  • Create the server component
  • Change the server component's TCP port number and/or IP address / DNS name, persistence, rootkit, SDT restore and more
  • Change the server component's executable name, installation folder and target process for hijacking
  • Change the name of the Windows registry startup entry or ActiveX key
  • Enable the offline keylogger and offline instant messenger spy


Features list of the program
  • Firewall bypass method: FWB#++ (code injection, API unhook, kernel patch)
  • Reverse connection, all traffic through one port
  • Safe thread-based client
  • Persistence (this feature causes the server to become irremovable)
  • Rootkit (hides the infection on the compromised computer)
  • Plugin-based server (30 KB packed)
  • Different installation paths
  • PNG / JPEG compression for screen capture and webcam


Managing features
  • File manager with multiple functions, including folder mirror, RAR folder/files, file search, infect files, multiple file download / upload, download / upload manager
  • Registry editor with multiple functions
  • Process manager (shows full path, and modules manager)
  • Windows manager (including a send key function)
  • Services manager


Connection features
  • SOCKS 4 proxy
  • HTTP / HTTPS proxy
  • Port redirection
  • TCP tunnel
  • HTTP web server
  • FTP server
  • Remote shell
  • Flooding (mailbomb, DDoS attacks)


Spying features
  • Screen manager with screen clicks
  • Cam manager that supports systems with multiple cams
  • Mic manager (records audio from microphone)
  • IM spy (MSN, Yahoo, AIM)
  • Live keylogger
  • Offline keylogger (coloured HTML), live passwords, IM spy with automatic delivery to FTP
  • Cached password fetcher (6 embedded password plugins)
  • VNC (remote desktop live control)
  • Site detection: check all victims and know which one visits a specific site
  • Clipboard manager
  • Information about the infected machine
  • Cache reader
  • Screen recorder (records the user's activities on the screen into AVI movies)


Others
  • Shutdown menu
  • Nuclear Fun Agent (nuisance)
  • Download from web / mass download / selection download
  • Browser launcher with site selection


Older versions of this malware had the ability to change their look using skinnable windows.

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.