Home>Trojan Programs> Backdoors>

Backdoor.Win32.Katien.a

Alert Level :	Medium
Discovered:	Aug 21 2002
Tag:	Backdoors
Discoverer and Source:	http://www.kaspersky.com/

Malware Behavior and Technical Description

Katien is a backdoor trojan program. The trojan itself is a Windows PE EXE file about 50KB in length and written in Microsoft Visual C .

Once executed the backdoor program registers itself in the system registry auto-run section:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

The key name depends on the backdoor variant:

TaskReg = %trojan file name% Service = %trojan file name%

Once this is done Katien then opens a backdoor connection and waits for its master's (person controlling the Trojan program) commands. The Katien backdoor program performs just a few commands:

• gets a file from a requested URL
• runs a command or specified local file
• performs a DoS attack on the requested victim address
• terminates itself

The backdoor program has copyright strings (lines) depending on the backdoor variant:

Voyager Alpha Force: Age of Kaiten
Kaiten Win32 API version: contem@efnet

0

Removal Backdoor.Win32.Katien.a instructions:

0

Need help? Live computer support via remote at SupportSpace.Help with printer problems, windows, hardware, software, spyware removal and more. - Go Now!

Great Anti-Virus Software : Kaspersky Internet Security 2009 Save 35% Buy Panda Global Protection 2009 and Panda Antiviru Download PandaLabs Reports Free AVG virus removel tools Hunting Down Spyware and Adware Adware and spyware, knowing the basics Adware Spyware Remover from CBAdvance Keeping Your Computer in Good Condition Using Free Spyware A Beware of Covert Online Spies Why the Need to Remove Adware and Spyware