Event ID - 5001

Port No: 5001
Service Name: BACKDOOR.KAMIKAZE
RFC Doc: 0
Protocol: TCP
Description: This is a net hack tool similar to the Back Orifice and BackDoor viruses. It was created using DELPHI 3; it pretends to be a setup program lacking SETUP32.DLL. It copies itself with the filename "MSCHV32.EXE" in the \WINDOWS\SYSTEM subdirectory. In order to have itself executed at every startup, it creates an entry in the registry pointing to itself (\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run). It also adds the entry HKEY_CLASSES_ROOT\DirectSockets in the Windows Registry. When this Trojan file is loaded, it enables a remote user to log into the infected system and take control over it (assuming the remote user has a client program and the correct IP address of the infected system).
Reference Link: BACKDOOR.KAMIKAZE
Attack Details:

Once the remote user has taken control of the infected system, he/she is capable of doing just about anything on the infected computer – this includes, but is not limited to, complete control of the file, video, keyboard systems, and the behavior of the desktop, monitor, speaker, CD-ROM, mouse, and printer. Likewise, the hacker can play around with the start button, desktop icons, currently running processes, and all opened windows. Last but not least, he/she is able to communicate with the infected user via a chat-like window. The virus is able to download all the recorded passwords on the infected computer since startup.
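A triage check for the indicators listed in the description, as an added example that is not part of the original entry: it parses `netstat -an` and `reg query` output for the TCP 5001 listener and the Run entry pointing at MSCHV32.EXE. The sample input, the value name "Example Updater", the function names and the verdict thresholds are assumptions made for illustration.

```python
import re
# Indicators taken from the description above.
PORT = 5001
DROPPED_FILE = "MSCHV32.EXE"
MARKER_KEY = r"HKEY_CLASSES_ROOT\DirectSockets"

# Constructed sample input (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5001           0.0.0.0:0              LISTENING
"""
SAMPLE_RUN = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Example Updater    REG_SZ    C:\WINDOWS\SYSTEM\MSCHV32.EXE
"""

def listening_on_port(netstat_text, port=PORT):
    """True if `netstat -an` output shows a TCP listener on the port."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == str(port):
                return True
    return False

def run_values_referencing(reg_text, filename=DROPPED_FILE):
    """Value names in `reg query <Run key>` output whose data names the file."""
    hits = []
    for line in reg_text.splitlines():
        m = re.match(r"\s+(.+?)\s+(REG_\w+)\s+(.*)$", line)
        if m and filename.lower() in m.group(3).lower():
            hits.append(m.group(1))
    return hits

def triage(netstat_text, run_key_text, marker_key_present, system_dir_listing):
    """Verdict thresholds are this example's assumption; the port alone is weak."""
    found = []
    if listening_on_port(netstat_text):
        found.append(f"tcp/{PORT} listener")
    if run_values_referencing(run_key_text):
        found.append("Run value -> " + DROPPED_FILE)
    if marker_key_present:
        found.append(MARKER_KEY)
    if any(n.upper() == DROPPED_FILE for n in system_dir_listing):
        found.append("file in SYSTEM dir")
    host_artifacts = [f for f in found if not f.startswith("tcp/")]
    verdict = "likely" if len(host_artifacts) >= 2 else "weak" if found else "none"
    return verdict, found
```

A listener on TCP 5001 by itself is reported as "weak" because the port number is not unique to this backdoor; the file and registry artifacts are what corroborate it.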
