Threat Description

Backdoor:W32/Finbodos.A

Details

Category: Malware
Type: Backdoor
Platform: W32
Aliases: Backdoor:W32/Finbodos.A

Summary


Backdoor:W32/Finbodos.A is a simple Visual Basic compiled backdoor that listens for remote commands from an attacker.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More scanning & removal options

More information on scanning or removal options is available in the documentation for your F-Secure security product, in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.



Technical Details


Backdoor:W32/Finbodos.A is a simple Visual Basic compiled backdoor that listens for remote commands from an attacker. Upon execution, it connects to the following address and TCP port:

  • botnet.dy.fi:7668/TCP

The infected machine then acts as a server and listens for commands issued via a client program. Backdoor:W32/Finbodos.A commands include the following:

  • Start DDOS
  • Display messages
  • Send flood packets
  • Start / Stop server

It also downloads the following files, which it uses as control variables for the server:

  • http://hotelliretro.org/[REMOVED]/teksti.dat
  • http://hotelliretro.org/[REMOVED]/interval.dat
  • http://hotelliretro.org/[REMOVED]/mainostila.dat
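
The network indicators listed above can be checked against proxy or firewall logs. The following is an added example, not part of the original description or any F-Secure tooling; the log line format, source addresses and the "placeholder-dir" path segment are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit
# Indicators from the description above. The URL directory is elided
# ([REMOVED]) on the page, so only host and file name are matched.
C2_HOST, C2_PORT = "botnet.dy.fi", 7668
CONFIG_HOST = "hotelliretro.org"
CONFIG_FILES = {"teksti.dat", "interval.dat", "mainostila.dat"}

# Assumed log format: "<time> <src_ip> CONNECT <host>:<port>" or "<time> <src_ip> GET <url>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(CONNECT|GET)\s+(\S+)$")

def classify(line):
    """Return (src_ip, reason) if the line matches an indicator, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _, src, verb, target = m.groups()
    if verb == "CONNECT":
        host, _, port = target.rpartition(":")
        if host.lower().rstrip(".") == C2_HOST and port == str(C2_PORT):
            return src, "c2-connect"
        return None
    url = urlsplit(target)
    name = url.path.rsplit("/", 1)[-1].lower()
    if (url.hostname or "").rstrip(".") == CONFIG_HOST and name in CONFIG_FILES:
        return src, "config-fetch:" + name
    return None

def triage(lines):
    """Group matched indicators by source address."""
    hits = {}
    for line in lines:
        hit = classify(line)
        if hit:
            hits.setdefault(hit[0], set()).add(hit[1])
    return hits

# Constructed sample log; addresses, times and "placeholder-dir" are made up.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 CONNECT botnet.dy.fi:7668",
    "2024-01-01T10:00:02Z 10.0.0.5 GET http://hotelliretro.org/placeholder-dir/teksti.dat",
    "2024-01-01T10:00:03Z 10.0.0.5 GET http://hotelliretro.org/placeholder-dir/interval.dat?x=1",
    "2024-01-01T10:05:00Z 10.0.0.9 CONNECT BOTNET.DY.FI:7668",
    "2024-01-01T10:06:00Z 10.0.0.7 CONNECT example.org:7668",
    "2024-01-01T10:07:00Z 10.0.0.7 GET http://hotelliretro.org/index.html",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A source address that shows both the TCP connection and the control-file downloads is a stronger match than either indicator alone.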




