Additional Details
Backdoor:W32/Ghost.gen!A is the Generic Detection for the Ghost backdoor program.
Ghost originates from China.
Activity
The Server component of this program has the following settings:
- Port
- Max connections
- DNS/IP
- Connect through Socks5
- Use Proxy
- Username/Password support
- Service name/Descriptor name that appears on the victim's machine
When using Ghost, a remote attacker can execute the following actions on an infected machine:
- Perform various file operations
- Perform screen captures
- Perform keylogging
- Execute a Remote Shell
- Manage processes (Process Manager)
- Uninstall the backdoor from the machine
- View the webcam
- Perform audio captures
- Download/execute files
- Update the server
- Open URLs