Bionet is a backdoor, a hacker's remote access tool. It is not as
advanced as the Sub7, BackOrifice or Netbus backdoors. It consists
of a server part and a client part. The server part is usually
installed covertly on a victim's computer and can be controlled by
the client part from another (the hacker's) computer when both
systems are on the Internet.

A victim usually gets infected with the server part by clicking on
an infected attachment sent to him by his on-line 'friends'. When
run, the server part installs itself as the file LIBUPDATE.EXE in
the \Windows\ folder. It modifies the Windows registry so that it
is run during all Windows sessions. It also drops a keylogging DLL
named BNHOOK.DLL into the same folder.

The server part allows a hacker to perform the following actions
on a remote system:
Open/close the CD-ROM drive tray
Capture the screen of the remote system
Shut down Windows, reboot or power down the system
Send messages to remote system and get replies
Open file manager and execute, upload, download and delete files on remote system
Show/hide Start button
Set and trace position of mouse cursor on remote system
Terminate certain applications
Direct the remote system's web browser to any webpage
Get server version info and remove the server from a remote system
Log all the events
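
The installation artifacts described above (LIBUPDATE.EXE and BNHOOK.DLL in the \Windows\ folder, plus an autostart registry entry) can be checked against triage data collected from a host. The following is an added example, not part of the original description; the function names, the input format and the sample data are assumptions, and the autostart entries are taken as already exported because the description does not name the registry key.

```python
import ntpath  # applies Windows path rules on any analysis host

# File names from the description above, mapped to their role.
ARTIFACTS = {"libupdate.exe": "server", "bnhook.dll": "keylogging DLL"}

def autorun_target(command):
    """Return the executable path from an autorun command line.
    Unquoted paths containing spaces are cut at the first space."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""

def triage(file_paths, autoruns):
    """Flag the described artifacts in collected triage data.

    file_paths: full paths from a file listing of the host.
    autoruns:   (value name, command line) pairs exported from the
                host's autostart registry keys (assumed input format).
    """
    findings = []
    for path in file_paths:
        folder, name = ntpath.split(path)
        role = ARTIFACTS.get(name.lower())
        # Only a copy sitting directly in \Windows\ matches the description.
        if role and ntpath.basename(folder).lower() == "windows":
            findings.append(("file", role, path))
    for value_name, command in autoruns:
        exe = ntpath.basename(autorun_target(command)).lower()
        if ARTIFACTS.get(exe) == "server":
            findings.append(("autorun", value_name, command))
    return findings

# Constructed sample data, not taken from a real host.
SAMPLE_FILES = [
    r"C:\WINDOWS\LIBUPDATE.EXE",
    r"C:\Windows\bnhook.dll",
    r"C:\Windows\notepad.exe",
    r"D:\Tools\libupdate.exe",  # same name, different folder: not flagged
]
SAMPLE_AUTORUNS = [
    ("SystemTray", "SysTray.Exe"),
    ("ExampleValue", r'"C:\WINDOWS\LIBUPDATE.EXE"'),  # value name is made up
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_FILES, SAMPLE_AUTORUNS):
        print(finding)
```

A file name match alone is weak evidence; the server file, the DLL and an autostart entry pointing at the server together match the installation behaviour described above.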