Bandook

Computer virus
Fullname = Bandook Remote Administration Tool
Common name = Bandook Rat
Technical name = Bandook Remote Administration Tool
Family = Bandook Rat
Aliases = Backdoor.Win32.Bandok.bd, Troj/Bandok-J, Backdoor.Bandook, BDS/Bandok.R.2
Classification = Trojan
Type = Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista
Subtype = Backdoor
IsolationDate = 2005 - present (new variants being released)
Isolation = Unknown
Origin = Lebanon
Author = Princeali

Bandook Rat (short for Bandook Remote Administration Tool) is a backdoor trojan horse that infects Windows NT family systems (Windows 2000, XP, 2003, Vista). It consists of a server creator, a client and a server, which together take control of the remote computer. It uses process hijacking and kernel patching to bypass the firewall, allowing the server component to hijack processes and gain rights to access the Internet.

In other terms:

Bandook RAT is a secure remote control software or a Trojan that enables you to work on a remote computer as if you were sitting in front of it. This program is the ideal remote access solution. You can access the remote computer from multiple places and view its screen and camera, listen on its microphone, retrieve passwords from it and more.

The server component (28,200 bytes) is dropped under the Windows, System32, or Program Files / Applications folders; the default name is ali.exe. Once the server component is run, it tries to connect to its client, which listens for incoming connections on a configurable port, allowing the attacker to execute arbitrary code from his computer.

The server editor component has the following capabilities:
* Create the server component
* Change the server component's port number and/or IP address / DNS, and set persistence, rootkit, SDT restore and more
* Change the server component's executable name, installation folder and target process for hijacking
* Change the name of the Windows registry startup entry or ActiveX key
* Enable the offline keylogger and offline instant messenger spy
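
The file indicators given above (default name ali.exe, a 28,200-byte server component, drop folders under Windows, System32 or Program Files) can be combined into a triage check for a live system or a mounted disk image. This is an added example, not part of the original article; the function names and sample records are constructed, and because the server editor can change the executable name and installation folder, a match is a lead to examine rather than a verdict.

```python
import os
from pathlib import PureWindowsPath

# Indicators taken from the article; both are builder defaults and can be changed.
DEFAULT_NAME = "ali.exe"
SERVER_SIZE = 28_200  # bytes, as stated for the server component
DROP_DIRS = {"windows", "system32", "program files"}  # folders named in the article

# Constructed sample records (path, size in bytes) for demonstration only.
SAMPLE = [
    (r"C:\WINDOWS\system32\ali.exe", 28200),
    (r"C:\Program Files\Updater\svch0st.exe", 28200),
    (r"C:\WINDOWS\system32\notepad.exe", 69120),
    (r"C:\Users\bob\Downloads\ali.exe", 1024),
]


def score(path, size):
    """Return the list of indicators a file matches (empty list = no match)."""
    p = PureWindowsPath(path)  # accepts both \ and / separators
    hits = []
    if p.name.lower() == DEFAULT_NAME:
        hits.append("default-name")
    if size == SERVER_SIZE and p.suffix.lower() == ".exe":
        hits.append("server-size")
    # Location alone is not an indicator; it only strengthens another hit.
    if hits and DROP_DIRS & {part.lower() for part in p.parts[:-1]}:
        hits.append("drop-folder")
    return hits


def scan(root):
    """Walk a directory tree and yield (path, hits) for every matching file."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(full)
            except OSError:
                continue  # locked or vanished file
            hits = score(full, size)
            if hits:
                yield full, hits


if __name__ == "__main__":
    for path, size in SAMPLE:
        print(path, score(path, size))
```
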

Features list of the Program

* Firewall bypass method: FWB#++ (Code Injection, API Unhook, Kernel Patch)

* Reverse connection, all traffic through one port

* Safe Thread Based Client

* Persistence (Irremovable)

* Rootkit

* Plugins Based Server (30 KB Packed)

* Very Friendly Graphical User Interface

* Different Installation Paths

* PNG / JPEG Compressions for screencapture and webcam

Managing Features

* File manager with all types of functions, including Folder Mirror, Rar Folder/Files, File Search, Infect Files, Multiple Files Download / Upload, Download / Upload manager

* Registry Editor with all type of Functions

* Process manager (Shows Full path , and Modules Manager)

* Windows Manager (including a Send Key Function)

* Services Manager

Connection Features

* Socks 4 proxy

* HTTP / HTTPS proxy

* Port Redirection

* TCP TUNNEL

* HTTP WEB Server

* FTP Server

* Remote Shell

* Flooding (Mailbomb, DDoS attacks)

Spying Features

* Screen manager with Screen Clicks

* Cam manager that Supports system with Multiple Cams

* Mic Manager (Record voice from Mic)

* IMs Spy (MSN, Yahoo, AIM)

* Keylogger (live)

* Offline keylogger (colored HTML), Live Passwords, IMs Spy with automatic delivery to FTP

* Cached PWS Fetcher [6 embedded PWS plugins]

* VNC (Remote Desktop Live Control)

* Site Detection: check all victims and see which one visits a specific site

* Clipboard manager

* Information about the remote machine

* Cache Reader

* Screen Recorder (records the user's activities on the screen into AVI movies)

Others

* Shutdown Menu

* Nuclear Fun Agent (Fun)

* Download from Web / Mass Download / Selection Download

* Visit Site

Older versions of this malware had the ability to change their look by using skinnable windows.

External links

* [http://www.megasecurity.org/trojans/b/bandook/Bandook_all.html Bandook RAT All Versions] , by MegaSecurity security database
* [http://www.nuclearwintercrew.com Nuclear Winter Crew] , Bandook RAT creator's page


Wikimedia Foundation. 2010.
