A remote administration utility which bypasses normal security mechanisms to secretly control a program, computer or network.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Backdoor:W32/Ghost.gen!A is the Generic Detection for the Ghost backdoor program. Ghost originates from China.
The Server component of this program has the following settings:
- Max connections
- Connect through Socks5
- Use Proxy
- Username/Password support
- Service name/Descriptor name that appears on the victim's machine
When using Ghost, a remote attacker can execute the following actions on an infected machine:
- Perform various file operations
- Perform screen captures
- Perform keylogging
- Execute a Remote Shell
- Manage processes (Process Manager)
- Uninstall the backdoor from the machine
- View the webcam
- Perform audio captures
- Download/execute files
- Update the server
- Open URLs