Port No | 20005 |
Service Name | MOSUCK |
RFC Doc | 0 |
Protocol | TCP |
Description | This backdoor malware takes advantage of a free Internet-based server service that is offered at a legitimate site. Like other backdoors, this malware has a server and a client component. This backdoor, however, is unique in that it can access a remote system that is infected with its server component via the Internet. Once this infected machine visits a site that is set up through the free server service, it sends out a notification to another remote machine running the client program. This simple ability implies serious remote manipulation capabilities, using the same technique. |
Reference Link | MOSUCK |
Attack | Solutions: Once the malicious program has been identified, you need to terminate it from memory. In this procedure, you will need the names of the file or files detected earlier as BKDR_MOSUCK.B. Open Windows Task Manager: on Windows 9x/ME systems, press CTRL+ALT+DELETE; on Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, then select the Processes tab. In the list of running programs, locate the malware file or files detected earlier. The extension name of the file may not be shown in the list of processes in the Task List. Select one of the detected files, and then press either the End Task or the End Process button, depending on your version of Windows. Do the same for all detected malware files in the list of running processes. To verify that the malware process has been terminated, close Task Manager, then open it again. Close Task Manager. |