Event ID - 3456

Port No: 3456
Service Name: FEARIC
RFC Doc: 0
Protocol: TCP
Description: This detection and analysis is based on the client side of a backdoor. When used with its server counterpart, which installs on target machines, this malware allows remote users to access compromised systems.
Reference Link: FEARIC
Attack Solutions:

This backdoor malware is written in Microsoft Visual Basic. It is used to remotely control machines that have been compromised and infected with its server counterpart. Users of this malware may remotely issue several commands to be executed on the compromised machine, including:

Restart/Shutdown target system
Log keystrokes
Display message boxes
Toggle keyboard keys
Set clipboard text content
Open/Eject CD-ROM drive
Show/Hide Taskbar button
Control mouse
Steal IP addresses
Auto-update the client

This backdoor has a feature which allows it to check for updates and auto-update itself. It steals IP addresses by sending a customized link to target systems. The IP addresses of all users who visit this link are logged by this client program.

This backdoor program provides the following link in its About menu:

http://iceman.gq.nu.

The page contains information and notes about the backdoor malware. The client and server components of the backdoor malware are also uploaded here. Users, however, cannot download these because the server does not grant sufficient access rights to the files.