| Port No | 17499 |
| Service Name | CrazzyNet |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Crazzynet is a backdoor Trojan that infects vulnerable Microsoft Windows operating systems. Once the Crazzynet server is launched, it copies itself to the Windows directory using the filename, Registry32.exe. It monitors TCP port 954 for an incoming connection. Registry auto-run keys are added so that the Trojan server part is executed whenever Windows starts. Through the Crazzynet client, an attacker could perform malicious actions including obtain passwords, modify and retrieve system settings, record keystrokes, upload and download files, and execute files. |
| Reference Link | More Information From Symentec J-Security Center |
| Attack | Name:Crazzynet This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening. Backdoor Crazzynet is a Trojan that opens up a backdoor program that, once installed on a system, permits unauthorized users to remotely switch off internet access, alter the user interface, edit/transfer files, manipulate windows, etc. Crazzynet typically operates over ports 1166, 1167, 17499, and 17500 via TCP. There are several Backdoor detection programs on the market that are said to be able to scan for and detect a Backdoor Crazzynet server on your system. Some of the better known AntiVirus vendors have included detection strings in their virus definitions. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.