Backdoor.Win32.Katien.a
| Alert Level : | Medium |
| Discovered: | Aug 21 2002 |
| Tag: | Backdoors |
| Discoverer and Source: | http://www.kaspersky.com/ |
Malware Behavior and Technical Description
Katien is a backdoor trojan program. The trojan itself is a Windows PE EXE file about 50KB in length and written in Microsoft Visual C .
Once executed the backdoor program registers itself in the system registry auto-run section:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
The key name depends on the backdoor variant:
TaskReg = %trojan file name% Service = %trojan file name%
Once this is done Katien then opens a backdoor connection and waits for its master's (person controlling the Trojan program) commands. The Katien backdoor program performs just a few commands:
- gets a file from a requested URL
- runs a command or specified local file
- performs a DoS attack on the requested victim address
- terminates itself
The backdoor program has copyright strings (lines) depending on the backdoor variant:
Voyager Alpha Force: Age of Kaiten
Kaiten Win32 API version: contem@efnet
0
Removal Backdoor.Win32.Katien.a instructions:
0
Need help? Live computer support via remote at SupportSpace |

