Port No | 2 |
Service Name | Death |
RFC Doc | 0 |
Protocol | TCP |
Description | This backdoor program enables a remote malicious user to access and drop another backdoor program on the compromised system. Trend Micro detects the dropped backdoor program as BKDR_DEATH.24B.
It consists of three components: server, client, and server-editor. The server component may be configured by the server-editor program. It is installed on the target system, where it opens and listens on port 30003. Once a connection to the server is established, the remote client component, which is controlled by a malicious user, effectively gains access to and control of the compromised system. This backdoor program enables malicious users to perform the following actions on compromised systems: get system information; retrieve files; create/remove directories; retrieve cached passwords; reboot/turn off/restart the system; show/hide the Start button; generate sounds; log keystrokes. It also employs autostart techniques, such as registry and system file modifications, to enable its automatic execution at every Windows startup. |
Reference Link | DEATH |
Attack | Solution: Terminating the Malware Program. This procedure terminates the running malware process from memory. Open Windows Task Manager: on Windows 9x/ME systems, press CTRL+ALT+DELETE; on Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, and click the Processes tab. In the list of running programs*, locate the process: Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system. To check if the malware process has been terminated, close Task Manager, and then open it again. Close Task Manager. |