Backdoor:W32/Finbodos.A

Threat description

Details

Category: Malware
Type: Backdoor

Summary

Backdoor:W32/Finbodos.A is a simple Visual Basic compiled backdoor that listens for remote commands from an attacker.



Removal

Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

Backdoor:W32/Finbodos.A is a simple Visual Basic compiled backdoor that listens for remote commands from an attacker. Upon execution, it connects to the following address and TCP port:

  • botnet.dy.fi:7668/TCP

The infected machine then acts as a server, listening for commands issued via a client program. Backdoor:W32/Finbodos.A commands include the following:

  • Start DDOS
  • Display messages
  • Send flood packets
  • Start / Stop server

It also downloads the following files which it uses as control variables for the server:

  • http://hotelliretro.org/[REMOVED]/teksti.dat
  • http://hotelliretro.org/[REMOVED]/interval.dat
  • http://hotelliretro.org/[REMOVED]/mainostila.dat
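
As an added example (not part of the original F-Secure description), the network indicators above can be checked against firewall and proxy logs. The log line formats, source addresses and directory names are assumptions constructed for illustration; because the directory in the download URLs is elided on this page, the check matches on host and file name only.

```python
import re
from urllib.parse import urlsplit

# Indicators from the description above.
C2_HOST, C2_PORT = "botnet.dy.fi", 7668
CONFIG_HOST = "hotelliretro.org"
CONFIG_FILES = {"teksti.dat", "interval.dat", "mainostila.dat"}

# Assumed (hypothetical) log formats, not from the original page:
#   firewall: "<timestamp> <src_ip> CONNECT <dst_host>:<port>/<proto>"
#   proxy:    "<timestamp> <src_ip> GET <url>"
FW_RE = re.compile(r"^\S+ (\S+) CONNECT (\S+):(\d+)/(\w+)$")
PROXY_RE = re.compile(r"^\S+ (\S+) GET (\S+)$")

def classify(line):
    """Return (src_ip, reason) when a line matches an indicator, else None."""
    m = FW_RE.match(line.strip())
    if m:
        src, host, port, proto = m.groups()
        if host.lower().rstrip(".") == C2_HOST and (int(port), proto.upper()) == (C2_PORT, "TCP"):
            return src, "c2-connect"
        return None
    m = PROXY_RE.match(line.strip())
    if m:
        src, url = m.groups()
        parts = urlsplit(url)
        name = parts.path.rsplit("/", 1)[-1].lower()
        # The directory is elided on the page, so match host and file name only.
        if (parts.hostname or "").lower() == CONFIG_HOST and name in CONFIG_FILES:
            return src, "config-fetch:" + name
    return None

def hosts_to_triage(lines):
    """Group hits per source IP; hosts with more distinct hits sort first."""
    hits = {}
    for line in lines:
        result = classify(line)
        if result:
            hits.setdefault(result[0], set()).add(result[1])
    return sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))

# Constructed sample log lines (addresses and directory names are made up).
SAMPLE = [
    "2024-01-01T10:00:00Z 10.0.0.5 CONNECT botnet.dy.fi:7668/TCP",
    "2024-01-01T10:00:02Z 10.0.0.5 GET http://hotelliretro.org/dir/interval.dat",
    "2024-01-01T10:00:03Z 10.0.0.9 GET http://hotelliretro.org/index.html",
    "2024-01-01T10:00:04Z 10.0.0.7 GET http://HOTELLIRETRO.org/a/Teksti.dat?v=1",
    "2024-01-01T10:00:05Z 10.0.0.9 CONNECT botnet.dy.fi:443/TCP",
]
```

Calling `hosts_to_triage(SAMPLE)` lists 10.0.0.5 first, since it shows both the control connection and a control-file download, followed by 10.0.0.7.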
