The Growth and Development of the Bandook RAT of 2005 Virus






The Bandook RAT makes its presence known


In 2005, developers began to notice a remote administration tool that was eventually christened the Bandook RAT. It had several aliases, such as Backdoor.Win32 and Bandok.bd; it was also known as Troj.Bandok-j and Backdoor.Bandook. All the characteristics of this malware point to it being a form of Trojan. It could affect different versions of Windows: 2000, NT, XP, Vista, 7 and Server 2003. That meant that very few computers were safe, since this list ran the full spectrum of the systems that were available. It is still in operation as a consequence of the many variants that are being released.

From humble origins the Bandook RAT expands

Although it came from Lebanon, this virus managed to affect different parts of the world. Its mode of operation relied on a server creator, which was used to ensure that the client was trapped. A connection would then be created that effectively took control of the remote computers linked to the main head. Well-known process hijacking techniques were used to bypass the firewall. The server components would be given special access rights that had not been possible in the past. The end result was a program that was gaining momentum. Elements that could be used in a malicious manner include the keystroke logger, screen capture, file manager and process manager.

The operations of the Bandook RAT virus

The server component used by the Bandook RAT is 28,200 bytes. It was dropped in the application folders under the default name ali.exe. When the server component was run, it would establish a connection which effectively attacked the client. For example, it could listen in on confidential transactions, which compromised the user in some way. Moreover, the virus had the ability to execute arbitrary code, which seriously hindered the operation of the network. It could change the server component's port number as well as the IP address. This malware was also capable of changing the DNS and working with the rootkit network.
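The two file indicators given above (the default name ali.exe and the 28,200-byte size) can be turned into a simple triage sweep over a live directory or a mounted disk image. This is an added example, not code from the original page; the function name `triage` and the reason labels are hypothetical, and because the name is only a default and variants exist, a hit is a lead for further analysis, not a verdict.

```python
import os

# Indicators taken from the description above: default file name and size of
# the dropped server component. Both are weak on their own.
DEFAULT_NAME = "ali.exe"
SERVER_SIZE = 28200  # bytes


def triage(root):
    """Walk `root` and return (path, reason) pairs, strongest matches first."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep sweeping
            lowered = name.lower()  # Windows file names are case-insensitive
            name_hit = lowered == DEFAULT_NAME
            size_hit = size == SERVER_SIZE
            if name_hit and size_hit:
                findings.append((path, "name+size"))
            elif size_hit and lowered.endswith(".exe"):
                findings.append((path, "size-only"))  # possibly renamed component
            elif name_hit:
                findings.append((path, "name-only"))  # other build or unrelated file
    order = {"name+size": 0, "size-only": 1, "name-only": 2}
    return sorted(findings, key=lambda f: (order[f[1]], f[0]))


if __name__ == "__main__":
    import sys
    for path, reason in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason:10} {path}")
```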

The destructive impact of the Bandook RAT virus

This program would run the component executable, under its given name, from within the installation folder. That allowed it to hijack particular processes. An ActiveX key would then be set in the Windows Registry. In some ways, the enabling of the keylogger was the most damaging aspect, since it could lead to significant financial losses.

 

 
