Home > Threat descriptions >

Backdoor:W32/Finbodos.A

Classification

Category: Malware

Type: Backdoor

Aliases: Backdoor:W32/Finbodos.A

Summary


Backdoor:W32/Finbodos.A is a simple Visual Basic compiled backdoor that listens for remote commands from an attacker.

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


Backdoor:W32/Finbodos.A is a simple Visual Basic compiled backdoor that listens for remote commands from an attacker.Upon execution, it connects to the following address and tcp port:

  • botnet.dy.fi:7668/TCP

The infected machine as a server then will listen for commands issued via a client program. Backdoor:W32/Finbodos.A commands include the following:

  • Start DDOS
  • Display messages
  • Send flood packets
  • Start / Stop server

It also downloads the following files which it uses as control variables for the server:

  • http://hotelliretro.org/[REMOVED]/teksti.dat
  • http://hotelliretro.org/[REMOVED]/interval.dat
  • http://hotelliretro.org/[REMOVED]/mainostila.dat