Port No | 51966 |
Service Name | Cafeini |
RFC Doc | 0 |
Protocol | TCP |
Description | Cafeini is a backdoor Trojan that infects vulnerable Microsoft Windows operating systems. Once the Cafeini server is launched, it copies itself to the c:\Documents and Settings\%User%\ directory, where %User% is the logged-in user. It listens on Transmission Control Protocol (TCP) port 51966 for an incoming connection from the attacker. Registry auto-run keys are added so that the Trojan's server component is executed whenever Windows restarts. |
Reference Link | More Information |
Attack | Name: Cafeini. Through the Cafeini client, an attacker could execute malicious actions including: 1. Enable or disable access to the appearance page, screen saver page, and background page in Display Properties. 2. Enable or disable access to the Disk Operating System (DOS) prompt, regedit.exe program, Run in the Start menu, and appearance page in Display Properties. 3. Disconnect the modem connection. 4. Hide or show the Start button and taskbar. 5. Modify the recycle bin name. 6. Modify the screen resolution. 7. Invert the screen (make the desktop upside-down). 8. Control the keyboard and cursor. 9. Obtain system information. |