В общем, сканируя подсети, в последнее время часто наталкиваюсь на порту 1080 на троян BugBear.B BackDoor. Собственно говоря, в нете про него ничего "толкового" нету, только что это и бэкдор, и кейлоггер с функциями для кражи информации. Интересует такое: как он настраивается, куда что отправляет, в каком виде и, собственно, можно ли перехватить.
BugBear.B backdoor is listening on this port. A cracker may connect to it to retrieve secret information, e.g. passwords or credit card numbers... The BugBear.B worm includes a key logger and can kill antivirus or personal firewall software. It propagates itself through email and open Windows shares. Solution: - Use an Anti-Virus package to remove it. - Close your Windows shares - See http://www.symantec.com/avcenter/venc/data/[email protected] Risk factor : Critical Copyright This script is Copyright (C) 2003 Tenable Network Security
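# Plugin listing as shown on the page: bugbear_b.nasl, version 1.7,
# family "Backdoors", default port 81, depends on http_version.nasl.
# The page lists no CVE, OSVDB or Bugtraq reference for it.
#
# (C) 2003 StrongHoldNet
#
# Licence : GPL v2
#
# Modifications by rd:
#	-> Try every web server, not just port 81
#
# UNTESTED

include("compat.inc");

# Registration pass: when `description` is set, the script only declares its
# metadata (id, texts, category, dependencies, ports) and exits without
# sending anything to the target.
if (description)
{
 script_id(11707);
 script_version ("$Revision: 1.7 $");
 script_name(english:"Bugbear.B Web Backdoor Detection");

 script_set_attribute(attribute:"synopsis", value:
"The remote host is compromised." );
 # NOTE(review): the text below hard-codes "port 81", but the detection part
 # reports whichever web port it probed (see "Modifications by rd" above), so
 # the port named in a finding is the authoritative one.
 script_set_attribute(attribute:"description", value:
"Your system seems to be infected by the Bugbear.B virus (its backdoor has been detected on port 81)." );
 script_set_attribute(attribute:"see_also", value:"http://www.f-secure.com/v-descs/bugbear_b.shtml" );
 script_set_attribute(attribute:"solution", value:
"Use your favorite antivirus to disinfect your system. 
Standalone disinfection tools also exist : ftp://ftp.f-secure.com/anti-virus/tools/f-bugbr.zip" );
 script_set_attribute(attribute:"cvss_vector", value:
"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C" );
 script_set_attribute(attribute:"plugin_publication_date", value: "2003/06/09");
 script_end_attributes();

 script_summary(english:"Checks for Bugbear.B web backdoor");
 # ACT_GATHER_INFO: the check is declared as information gathering only.
 script_category(ACT_GATHER_INFO);
 script_family(english:"Backdoors");
 script_copyright(english:"This script is Copyright (C) 2003-2010 StrongHoldNet");
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 81);
 exit(0);
}

# Detection pass.

include("http_func.inc");
include("http_keepalive.inc");

# Pick the web port to probe; 81 is the default when none is supplied.
port = get_http_port(default:81);
if (!port) exit(0);
if (!get_port_state(port)) exit(0);

# Request the path this plugin uses as the backdoor's signature.
# Both calls take the port as the named argument `port:port`; the forum
# rendering of this listing had collapsed it into "portort".
url = '/%NETHOOD%/';
req = http_get(item:url, port:port);
buf = http_keepalive_send_recv(port:port, data:req);

# No answer at all: nothing to report. The rendered listing had lost the
# `==` of this comparison.
if (buf == NULL) exit(0);

# Flag the host only when the reply is an HTTP 200 AND its content contains
# "Microsoft Windows Network" (`><` is the NASL substring test).
# This is a content heuristic and the plugin header marks it UNTESTED, so a
# finding should be confirmed on the host (antivirus scan, review of what is
# listening on the reported port) before and after cleanup.
if (ereg(pattern:"^HTTP/[0-9]\.[0-9] 200 ", string:buf)
    && "Microsoft Windows Network" >< buf)
  security_hole(port);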