Trojan targets MyDoom infectees
Sunday February 8, 2004
Dubbed Vesser or Deadhat depending on the vendor, a new Trojan seeks out MyDoom infected users, replacing that infection with a backdoor of its own. Deadhat/Vesser seeks out infected systems by trying to connect via TCP ports 3127, 3128, and 1080 - ports listened to by MyDoom's backdoor. Once on the system, the new Trojan sets up shop on TCP port 2766 and it tries to disable a range of antivirus and security software found on the infected system.
Descriptions: F-Secure | Symantec | NAI (McAfee)
Descriptions: F-Secure | Symantec | NAI (McAfee)


No comments yet. Leave a Comment