Threat Description

MoSucker

Details

Aliases:MoSucker, Backdoor.Mosucker.
Category:Malware
Type:Backdoor
Platform:W32

Summary



MoSucker is a powerful backdoor - hacker's remote access tool.



Removal



To remove this backdoor it is enough to delete its file from a hard disk. As a system was compromised by a backdoor, it should be checked for other infections and security settings (including logins and passwords) of a system should be changed.



Technical Details



When activated on an infected system it allows more than one hacker to connect to a system and to perform the following actions:

 1. Control the server - configure, restart, remove, close
 2. Open/Close CD-ROM tray
 3. Lost and kill processes
 4. Shutdown/retart a system
 5. Log activities and control mouse and keyboard
 6. Upload, download, run, rename of move files
 7. List, create, remove directories
 8. Control Windows interface: popup start menu, minimize all
 windows, show/hide system tray, hide/show Start button, change
 wallpaper, change resolution, change system colors, flip screen,
 get opened windows list
 9. Copy/read text from clipboard
 10. Open/close chat session
 11. Administrator of a backdoor server can control other user's
  rights for the server
 12. Play sound files
 13. Create log file of backdoor activities
 14. Send text to a printer
 15. Get OS system type and version
 16. Modify Windows Registry
 17. Update server from Internet
 18. Change date and time
 19. Show picture
 20. Steal user's ICQ info
 21. Get information about user's local and network drives
 22. Show messageboxes
 23. Notify a hacker when infected user is on-line
 24. Get general information about infected system
 
 

The backdoor renames NETSTAT.EXE to NETSTAT.OLD when it is first activated and renames the file back when it is uninstalled. The backdoor also can install itself to system with modification of startup keys in the Registry or INI files.





Technical Details: Alexey Podrezov; F-Secure Corp.; November 2001


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Scan & clean your PC

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Learn More