WinCE/BackDoor-CHK

Type: Trojan
SubType: Remote Access
Discovery Date: 08/05/2004
Length: 5,632 bytes
Minimum DAT: 4385 (08/11/2004)
Updated DAT: 4385 (08/11/2004)
Minimum Engine: 5.1.00
Description Added: 08/05/2004
Description Modified: 08/09/2004 12:21 PM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

This remote access trojan only runs on PocketPC WinCE devices. When run, it opens a TCP port to allow a remote attacker to control the compromised system. To notify the author, an email message is sent to a specified email address.

Symptoms

When run, the trojan configures itself to run at system startup by copying itself to the Windows Startup folder (\Windows\StartUp\svchost.exe).

The trojan opens a Windows Socket and listens on port 2989 [0x0BAD]. The infected host can then respond to remote commands. Code has been found with the following behavior:

        - List the directory contents into the socket connection
        - Upload a file through the socket connection
        - Download a file through the socket connection
        - Display a message box
        - Execute a process [an arbitrary command]
        - Exit
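The two host-level indicators the description gives (the startup-folder copy and the listener on port 2989) are easy to check mechanically. The script below is an added illustration, not McAfee's tooling or part of this description; it takes a list of file paths and a list of netstat-style output lines (the exact netstat format is an assumption, and both samples are constructed here) and reports which of the two artifacts are present.

```python
"""Indicator check for the WinCE/BackDoor-CHK artifacts in the description.

Added illustrative example, not McAfee's tooling. It looks for the two
indicators the description names: the startup-folder copy
\\Windows\\StartUp\\svchost.exe and a TCP listener on port 2989 (0x0BAD).
The netstat-style line format below is an assumption; the sample data is
constructed for the demonstration.
"""
import re
from dataclasses import dataclass, field

STARTUP_ARTIFACT = r"\windows\startup\svchost.exe"  # path from the description
BACKDOOR_PORT = 0x0BAD                                # 2989, from the description


@dataclass
class Findings:
    startup_copies: list = field(default_factory=list)
    listeners: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.startup_copies or self.listeners)


# Matches lines such as "  TCP    0.0.0.0:2989    0.0.0.0:0    LISTENING"
_NETSTAT_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING", re.I)


def check_startup_folder(paths):
    """Return every path equal to the startup-folder copy named in the description."""
    return [p for p in paths if p.replace("/", "\\").lower() == STARTUP_ARTIFACT]


def check_listeners(netstat_lines):
    """Return (local_address, port) for every TCP listener on the backdoor port."""
    hits = []
    for line in netstat_lines:
        m = _NETSTAT_RE.match(line)
        if m and int(m.group(2)) == BACKDOOR_PORT:
            hits.append((m.group(1), int(m.group(2))))
    return hits


def assess(paths, netstat_lines) -> Findings:
    """Combine both checks into one result for a host."""
    return Findings(check_startup_folder(paths), check_listeners(netstat_lines))


# Constructed sample data: the view of one infected-looking device.
SAMPLE_PATHS = [
    r"\Windows\StartUp\svchost.exe",   # the persistence copy
    r"\Windows\notes.txt",
    r"\My Documents\report.pxl",
]
SAMPLE_NETSTAT = [
    "  TCP    0.0.0.0:2989    0.0.0.0:0    LISTENING",
    "  TCP    0.0.0.0:80      0.0.0.0:0    LISTENING",
    "  TCP    10.0.0.5:1025   10.0.0.9:80  ESTABLISHED",
]

if __name__ == "__main__":
    result = assess(SAMPLE_PATHS, SAMPLE_NETSTAT)
    print("suspicious:", result.suspicious)
    print("startup copies:", result.startup_copies)
    print("listeners on port %d:" % BACKDOOR_PORT, result.listeners)
```

A listener on 2989 alone is only a weak signal (any process may bind that port), so the script reports both indicators separately and lets the analyst weigh them; the startup-folder copy is the stronger of the two because the description ties that exact path to the persistence mechanism.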

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email, etc.

Removal

-

Variants

    N/A

All Information

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

  • Backdoor.Brador.A (Symantec)
  • Backdoor.WinCE.Brador.a (AVP)
  • Brador (F-Secure)
  • WINCE_BRADOR.A (Trend)
