Port No | 31789 |
Service Name | Hack-a-tack |
RFC Doc | 0 |
Protocol | UDP |
Description | Hack-a-tack Backdoor. Remote access login port using UDP shell. Hack¦a¦Tack |
Reference Link | More Information |
Attack | Name: Hack'a'tack Server

Features:
1. Client can upload its IP to an FTP server. When the server is online it will look up the client's IP from the file the client put on the FTP server and will instruct the client to connect to the server's current IP.
2. Control input devices (mouse/keyboard)
3. Control running processes
4. Hide/show task bar (also in intervals)
5. Logging of all passwords/decoding of ICQ passwords
6. Make screen shot (quality can be adjusted)
7. Open/close cd-rom (also in intervals)
8. Provide info about computer it's running on. Put monitor in standby mode/get it out of standby mode (also in intervals)
9. Send messages & chat
10. Send text to focused windows (also in intervals)
11. Shutdown/reboot/logoff/poweroff
12. Upload/downloads/delete/execute files
13. View keystrokes (realtime & offline)
14. View/adjust display setting
15. View/edit clipboard

Comments: Every two minutes, the server tries to get a file from: http://members.xoom.com/HaTFTP/ip.txt I haven't had the time to figure out the use of this, perhaps this has something to do with the "Transmit IP" feature of the client, or perhaps this is a stealth "feature" built-in by the authors of the trojan. The location is hard coded into the server-executable.

How To Remove:
1. Remove the Explorer32 key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. This can be done with regedit or any other registry editing program.
2. Reboot the computer or close Expl32.exe.
3. Delete the trojan file Expl32.exe in the windows directory |
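
Before carrying out the removal steps, the indicators this entry names can be checked read-only. The following is an added example, not part of the original entry: the function name `Test-HackATackIndicator` is hypothetical, "the windows directory" is assumed to be `$env:windir`, and the UDP check assumes a Windows version that ships `Get-NetUDPEndpoint`.

```powershell
# Added example: read-only triage for the indicators listed in this entry.
# Assumptions: "the windows directory" is $env:windir; the function name is hypothetical.
function Test-HackATackIndicator {
    [CmdletBinding()]
    param(
        [string]$RunKey    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        [string]$ValueName = 'Explorer32',
        [string]$FilePath  = (Join-Path $env:windir 'Expl32.exe'),
        [int]$UdpPort      = 31789
    )

    # Removal step 1: autostart value under the Run key.
    $runValue = (Get-ItemProperty -Path $RunKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName

    # Removal step 2: running Expl32.exe process (Get-Process takes the name without .exe).
    $proc = @(Get-Process -Name 'Expl32' -ErrorAction SilentlyContinue)

    # Removal step 3: server file in the Windows directory (-Force also finds hidden files).
    $file = Get-Item -LiteralPath $FilePath -Force -ErrorAction SilentlyContinue

    # Port from this entry: any local UDP endpoint bound to 31789.
    $udp = @()
    if (Get-Command Get-NetUDPEndpoint -ErrorAction SilentlyContinue) {
        $udp = @(Get-NetUDPEndpoint -LocalPort $UdpPort -ErrorAction SilentlyContinue)
    }

    # Hash the file before deletion so the sample can be identified later.
    $hash = if ($file) { (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash } else { $null }

    [pscustomobject]@{
        RunValuePresent = ($null -ne $runValue)
        RunValueData    = $runValue
        ProcessIds      = @($proc | ForEach-Object { $_.Id })
        FilePresent     = ($null -ne $file)
        FileSha256      = $hash
        UdpOwnerPids    = @($udp | ForEach-Object { $_.OwningProcess })
        Suspicious      = ($null -ne $runValue) -or ($proc.Count -gt 0) -or
                          ($null -ne $file) -or ($udp.Count -gt 0)
    }
}

Test-HackATackIndicator | Format-List
```

A UDP endpoint on 31789 with none of the other three indicators is not conclusive by itself, since any program can bind that port; compare `UdpOwnerPids` against `ProcessIds` before acting.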