BleepingComputer.com > MS04-032: Ecommander Backdoor

Full Version: MS04-032: Ecommander Backdoor

BleepingComputer.com > Security > Breaking Virus & Security News

harrywaldron

Oct 22 2004, 07:40 AM

An MS04-032 proof-of-concept exploit has become a real one. Thankfully, it is not widespread but it provides a new method of attack on unpatched systems. Everyone is encouraged to complete Windows Updates as soon as they can

MS04-032: Ecommander Backdoor
http://www.symantec.com/avcenter/venc/data...mcommander.html

Backdoor.Emcommander is a Backdoor Trojan distributed as an EMF image file. It exploits the Microsoft Windows WMF/EMF Image Format Rendering Remote Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS04-032) and allows an attacker to control the compromised system.

Opens a backdoor on TCP port 31337 and listens for commands from an attacker. The port number may vary because Backdoor.Emcommander can be built with a Backdoor.ConstructKit tool, where the port number can be specified as a parameter. Executes the remote command sent by the attacker through the Internet. The remote command is executed through "cmd.exe" of the compromised system

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.