Threat Description

Backdoor:​W32/Finbodos.A

Details

Aliases:Backdoor:​W32/Finbodos.A
Category:Malware
Type:Backdoor
Platform:W32

Summary



Backdoor:W32/Finbodos.A is a simple Visual Basic compiled backdoor that listens for remote commands from an attacker.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



Backdoor:W32/Finbodos.A is a simple Visual Basic compiled backdoor that listens for remote commands from an attacker.Upon execution, it connects to the following address and tcp port:

  • botnet.dy.fi:7668/TCP

The infected machine as a server then will listen for commands issued via a client program. Backdoor:W32/Finbodos.A commands include the following:

  • Start DDOS
  • Display messages
  • Send flood packets
  • Start / Stop server

It also downloads the following files which it uses as control variables for the server:

  • http://hotelliretro.org/[REMOVED]/teksti.dat
  • http://hotelliretro.org/[REMOVED]/interval.dat
  • http://hotelliretro.org/[REMOVED]/mainostila.dat





SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Scan & clean your PC

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Learn More