Listen to your infection? Not necessarily as this backdoor binds cmd.exe on port 24501, but needs to be socially engineered in the form of a plugin for Winamp. Code originally released in December, 2006, see attached screenshot. Not much of a fun here either, but as the folks at SANS point out Winamp doesn't play .MP4 files automatically from a web page, so no chance to have it embedded within popular sites and cause mass outbreaks as we saw it happen with the with ANI exploit code and the WMF one.
gen_wbkdr.dll
File size: 45056 bytes
MD5: 74d149f4a1f210ea41956af6ecedb96b
SHA1: 5a2e8d5727250a647ce44d00cf7446775e6cd7d5
No comments:
Post a Comment