
MoSucker

Classification

Category: Malware

Type: -

Aliases: MoSucker, Backdoor.Mosucker.

Summary


MoSucker is a powerful backdoor, a hacker's remote access tool.

Removal


To remove this backdoor, it is enough to delete its file from the hard disk. Because the system was compromised by a backdoor, it should be checked for other infections, and the system's security settings (including logins and passwords) should be changed.


Technical Details


When activated on an infected system, it allows more than one hacker to connect to the system and perform the following actions:

1. Control the server - configure, restart, remove, close
2. Open/close CD-ROM tray
3. List and kill processes
4. Shut down/restart a system
5. Log activities and control mouse and keyboard
6. Upload, download, run, rename or move files
7. List, create, remove directories
8. Control Windows interface: pop up start menu, minimize all windows, show/hide system tray, hide/show Start button, change wallpaper, change resolution, change system colors, flip screen, get opened windows list
9. Copy/read text from clipboard
10. Open/close chat session
11. The administrator of a backdoor server can control other users' rights for the server
12. Play sound files
13. Create log file of backdoor activities
14. Send text to a printer
15. Get OS system type and version
16. Modify Windows Registry
17. Update server from Internet
18. Change date and time
19. Show picture
20. Steal user's ICQ info
21. Get information about user's local and network drives
22. Show message boxes
23. Notify a hacker when infected user is on-line
24. Get general information about infected system

The backdoor renames NETSTAT.EXE to NETSTAT.OLD when it is first activated and renames the file back when it is uninstalled. The backdoor can also install itself on the system by modifying startup keys in the Registry or INI files.
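
The two file-based indicators above can be checked on a Windows directory or a mounted disk image. The following triage sketch is an added example, not code from this description. It assumes the caller supplies the directory to inspect and that the INI autostart locations are the classic `load=`/`run=` values in WIN.INI and `shell=` in SYSTEM.INI, which the description itself does not name. Registry startup keys are not covered.

```python
import os
import tempfile

# Classic INI autostart locations on Windows 9x (general Windows knowledge,
# an assumption here: the description only says "INI files").
INI_AUTOSTART = {"win.ini": {"windows": ("load", "run")},
                 "system.ini": {"boot": ("shell",)}}

def netstat_renamed(directory):
    """True if NETSTAT.OLD is present and NETSTAT.EXE is missing (case-insensitive)."""
    names = {n.lower() for n in os.listdir(directory)}
    return "netstat.old" in names and "netstat.exe" not in names

def ini_autostart_entries(ini_name, text):
    """Return (section, key, value) for non-empty autostart values in INI text."""
    wanted = INI_AUTOSTART.get(ini_name.lower(), {})
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if sep and value and key in wanted.get(section, ()):
            # shell=Explorer.exe alone is the stock value; anything else is reported
            if key == "shell" and value.lower() == "explorer.exe":
                continue
            found.append((section, key, value))
    return found

def triage(directory):
    """Collect both indicators for one Windows directory."""
    report = {"netstat_renamed": netstat_renamed(directory), "ini": []}
    for name in os.listdir(directory):
        if name.lower() in INI_AUTOSTART:
            with open(os.path.join(directory, name), errors="replace") as fh:
                report["ini"] += ini_autostart_entries(name, fh.read())
    return report

if __name__ == "__main__":
    # Constructed sample directory standing in for a Windows folder
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "NETSTAT.OLD"), "w").close()
        with open(os.path.join(d, "WIN.INI"), "w") as fh:
            fh.write("[windows]\nload=\nrun=C:\\WINDOWS\\sample.exe\n")
        print(triage(d))
```

Every reported INI value is a candidate for manual review, not a confirmed MoSucker entry, since legitimate software also used these autostart locations.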