Event ID - 1000

Port No: 1000
Service Name: DS3
RFC Doc: 0
Protocol: TCP
Description: BKDR_SPAEHER, also known as DER SPAEHER V3 or DS3, is a backdoor malware. It consists of two parts: the Server program and the Client program. This backdoor malware can be configured to access/hack any computer, including servers.

BKDR_SPAEHER.C is the Client program, which is installed on the hacker's side. Once the Server portion is also successfully installed on the target's side (i.e., the file named HALLO.EXE is executed on the target computer), the hacker with the Client program has the ability to manipulate the target computer.
Reference Link: SPAEHER
Attack Details:

The program can perform various operations on the target computer. According to the backdoor's maker, Mario Parzer aka PhilippP, these manipulations include:

File Management – download, upload, copy, kill, rename, execute files.
Windows – current user, minimize, maximize window, close all windows.
Screenshots
Registry – get/set the registry
Additional Functions – shut down windows, restart/shutdown computer, tile windows, play sounds, open/close cd-rom, get/set date and time, ctrl-alt-del key on/off, freeze screen, flip screen, change resolution, find e-mail of victim.
ICQ – steal ICQ passwords, find out ICQ UIN number/nickname, close ICQ, get online list, send message with victim's UIN.

Trend Micro antivirus detects this Client program as BKDR_SPAEHER.C (SPAEHER.EXE, DS3.EXE, or DS3-MINI.EXE). It detects the Server program as BKDR_SPAEHER.S (HALLO.EXE).

By default, when run on a target computer, BKDR_SPAEHER.S (Hallo.exe) copies itself to the Windows\System directory as DKBDLL.EXE and adds an entry to the registry as follows:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Explore = "C:\windows\system\dkbdll.exe Hi"

The hacker can change the Registry key and value with any name after gaining access to the target computer.
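
A defender-side check for the default persistence entry described above, as an added example that is not part of the original write-up: it parses text in the layout printed by `reg query` for the Run key and flags the documented defaults. The function names and the sample output are constructed for illustration; because the key and value can be renamed, an empty result does not rule the backdoor out.

```python
import re

# Defaults taken from the write-up above; an operator can rename both.
DEFAULT_VALUE = "explore"
DEFAULT_BINARY = "dkbdll.exe"

# One data line of `reg query` output: "    Name    REG_SZ    Data"
LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
# Base name of the first .exe mentioned in a command line, quoted or not
EXE = re.compile(r'([^\\/"]+?\.exe)\b', re.IGNORECASE)

def parse_run_values(reg_output):
    """Return {value_name: data} from `reg query <Run key>` text."""
    values = {}
    for line in reg_output.splitlines():
        m = LINE.match(line)
        if m:
            values[m.group("name")] = m.group("data").strip()
    return values

def check_run_key(reg_output):
    """Return (value_name, data, reason) findings for the documented defaults."""
    findings = []
    for name, data in parse_run_values(reg_output).items():
        m = EXE.search(data)
        exe = m.group(1).lower() if m else ""
        if exe == DEFAULT_BINARY:
            # Strongest default indicator: the server's copy name
            findings.append((name, data, "default server copy name"))
        elif name.lower() == DEFAULT_VALUE:
            # Value name matches but points elsewhere: review manually
            findings.append((name, data, "default value name, different target"))
    return findings

# Constructed sample output, not taken from a real host
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    Explore    REG_SZ    C:\windows\system\dkbdll.exe Hi
    Updater    REG_SZ    "C:\WINDOWS\SYSTEM\DKBDLL.EXE" Hi
"""

if __name__ == "__main__":
    for finding in check_run_key(SAMPLE):
        print(finding)
```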
