Threat Description

Backdoor:W32/Finbodos.A

Details

Aliases: Backdoor:W32/Finbodos.A
Category: Malware
Type: Backdoor
Platform: W32

Summary



Backdoor:W32/Finbodos.A is a simple Visual Basic compiled backdoor that listens for remote commands from an attacker.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details



Backdoor:W32/Finbodos.A is a simple Visual Basic compiled backdoor that listens for remote commands from an attacker. Upon execution, it connects to the following address and TCP port:

  • botnet.dy.fi:7668/TCP

The infected machine then acts as a server and listens for commands issued via a client program. Backdoor:W32/Finbodos.A commands include the following:

  • Start DDOS
  • Display messages
  • Send flood packets
  • Start / Stop server

It also downloads the following files which it uses as control variables for the server:

  • http://hotelliretro.org/[REMOVED]/teksti.dat
  • http://hotelliretro.org/[REMOVED]/interval.dat
  • http://hotelliretro.org/[REMOVED]/mainostila.dat
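
The network indicators above can be swept for in connection and proxy logs. The following Python sketch is an added example, not part of the original description: the log format, source addresses and the PLACEHOLDER path segment are constructed, and the function names are hypothetical. It matches the control files by host and file name only, since the directory is elided on this page.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators taken from the description above.
C2_HOST, C2_PORT = "botnet.dy.fi", 7668
CONTROL_HOST = "hotelliretro.org"
CONTROL_FILES = {"teksti.dat", "interval.dat", "mainostila.dat"}

# Constructed sample log (assumed format: "<src> CONNECT <host>:<port>"
# or "<src> GET <url>"). PLACEHOLDER stands in for the elided directory.
SAMPLE_LOG = """\
10.0.0.5 CONNECT Botnet.dy.fi.:7668
10.0.0.5 GET http://hotelliretro.org/PLACEHOLDER/teksti.dat
10.0.0.5 GET http://hotelliretro.org/PLACEHOLDER/interval.dat
10.0.0.9 GET http://hotelliretro.org/index.html
10.0.0.7 CONNECT example.com:443
10.0.0.8 CONNECT botnet.dy.fi:80
"""

def norm_host(host):
    """Lower-case and drop a trailing root dot so 'Host.' equals 'host'."""
    return host.strip().rstrip(".").lower()

def classify(line):
    """Return (source, tag) if the line matches an indicator, else None."""
    parts = line.split()
    if len(parts) != 3:
        return None
    src, verb, target = parts
    if verb == "CONNECT":
        host, _, port = target.rpartition(":")
        if norm_host(host) == C2_HOST:
            return src, "c2" if port == str(C2_PORT) else "c2-other-port"
    elif verb == "GET":
        url = urlsplit(target)
        name = url.path.rsplit("/", 1)[-1].lower()
        if norm_host(url.hostname or "") == CONTROL_HOST and name in CONTROL_FILES:
            return src, "control:" + name
    return None

def triage(log_text):
    """Group hits per source; C2 connection plus control file fetch is 'high'."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        match = classify(line)
        if match:
            hits[match[0]].add(match[1])
    return {src: ("high" if "c2" in tags and any(t.startswith("control:") for t in tags)
                  else "medium", sorted(tags)) for src, tags in hits.items()}
```

Calling `triage(SAMPLE_LOG)` rates a source as high only when it shows both the connection to the listed port and a control file download; a single indicator alone is rated medium.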




