Exforel Backdoor Implemented At Network Driver Interface Specification level

Dec 10, 2012

Security researchers have identified a variant of the Exforel backdoor malware, VirTool:WinNT/Exforel.A, that is somewhat different from other backdoors of this kind.


The backdoor in VirTool:WinNT/Exforel.A is implemented at the NDIS (Network Driver Interface Specification) level, which makes it much lower-level and stealthier than traditional backdoors: there is no connecting or listening port, so it is more difficult to notice. The backdoor traffic is completely invisible to user-mode applications.
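Because such a backdoor opens no port the host can report, one defensive approach is a cross-view check that compares flows recorded outside the host with the sockets the host itself lists. The Python below is an added example, not code from the original article or from the researchers; the netstat-style format, the mirror-port sensor and all addresses are assumptions constructed for illustration.

```python
# Cross-view check on constructed sample data: off-host flows vs. host-reported sockets.
from collections import namedtuple
Flow = namedtuple("Flow", "proto src sport dst dport")

# Constructed netstat-style output collected on the monitored host (10.0.0.5).
HOST_SOCKETS = """\
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 10.0.0.5:49712 10.0.0.20:443 ESTABLISHED
"""

# Constructed flow records from a sensor on a switch mirror port (assumption).
SENSOR_FLOWS = [
    Flow("TCP", "10.0.0.20", 443, "10.0.0.5", 49712),      # reply on a known session
    Flow("TCP", "10.0.0.9", 51000, "10.0.0.5", 445),       # inbound to a listening port
    Flow("TCP", "198.51.100.7", 40000, "10.0.0.5", 8081),  # host reports no such socket
]

def parse_sockets(text):
    """Return (listening, established) sets parsed from netstat-style lines."""
    listening, established = set(), set()
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) != 4:
            continue  # skip headers and malformed lines
        proto, local, remote, state = parts
        lip, lport = local.rsplit(":", 1)
        rip, rport = remote.rsplit(":", 1)
        if state == "LISTENING":
            listening.add((proto, lip, int(lport)))
        else:
            established.add((proto, lip, int(lport), rip, int(rport)))
    return listening, established

def unexplained_flows(flows, sockets_text, host_ip):
    """Yield flows touching host_ip that match no socket the host OS reports."""
    listening, established = parse_sockets(sockets_text)
    for f in flows:
        ends = [(f.src, f.sport), (f.dst, f.dport)]
        if host_ip not in (f.src, f.dst):
            continue
        if f.dst == host_ip:
            ends.reverse()  # orient as (host end, peer end)
        (lip, lport), (rip, rport) = ends
        bound = {(f.proto, lip, lport), (f.proto, "0.0.0.0", lport)} & listening
        if not bound and (f.proto, lip, lport, rip, rport) not in established:
            yield f

if __name__ == "__main__":
    for flow in unexplained_flows(SENSOR_FLOWS, HOST_SOCKETS, "10.0.0.5"):
        print("no matching host socket:", flow)
```

Probes to closed ports and connections that open and close between socket snapshots are also reported, so hits are leads to investigate, with sustained two-way traffic to an unreported port being the stronger signal.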

Functionalities:
  • Uploading files
  • Downloading files
  • Executing files
  • Routing TCP/IP packets

This sample appears to be used for a specific attack targeting a certain organization.

