[virusinfo] Troj/Nuclear-F

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Wed, 06 Apr 2005 09:11:49 -0700

From: Sophos Alert System:

Name: Troj/Nuclear-F
Aliases: Backdoor.Win32.Nuclear.b
Type: Trojan
Date: 6 April 2005

A virus identity (IDE) file which provides protection is
available now from the Sophos website, and will be incorporated
into the May 2005 (3.93) release of Sophos Anti-Virus.

Customers using EM Library, PureMessage or any of our Sophos
small business solutions will be automatically protected at
their next scheduled update.

At the time of writing, Sophos has received a small number of
reports of this Trojan from the wild.


Information about Troj/Nuclear-F can be found at:
http://www.sophos.com/virusinfo/analyses/trojnuclearf.html

Troj/Nuclear-F is a configurable backdoor Trojan for the Windows platform which
allows full remote access capabilities via a remote client. The Client
application allows the creation of server applets which act as the backdoor
when installed on the infected computer.

The generated Trojan component can be customised upon creation.

Troj/Nuclear-F may copy itself to a new folder under the Windows folder as well
as create a helper DLL of the same name.

The following registry entry may also be created:

HKLM\Software\Classes\dllfile\shell\open\command\

Troj/Nuclear-F may create a number of files including an IP logger script and
initial script as follows:

logger.php
settings.in

The Trojan is capable of logging keystrokes, monitoring attached media devices
such as webcams and microphones and interacting with the desktop.

This IDE file also includes detection for:

WM97/Ponapi-A
http://www.sophos.com/virusinfo/analyses/wm97ponapia.html
Troj/Spabot-D
http://www.sophos.com/virusinfo/analyses/trojspabotd.html
Troj/Daoser-B
http://www.sophos.com/virusinfo/analyses/trojdaoserb.html

Download the IDE file from:
http://www.sophos.com/downloads/ide/nucl-f.ide

Download all the IDE files available for the current version of 
Sophos Anti-Virus in a single compressed file. The file is
available in two formats:

Zip file:
http://www.sophos.com/downloads/ide/ides.zip

Self-extracting file:
http://www.sophos.com/downloads/ide/ides.exe

Read about how to use IDE files at
http://www.sophos.com/downloads/ide/using.html

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 
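A triage sketch for the file and folder artifacts listed in the Sophos description above. It is an added example, not part of the original post and not Sophos code. It walks a Windows folder (live, or from a mounted image) for the two file names given in the alert and for direct subfolders holding an .exe and a .dll with the same base name. Assumptions: the self-copy keeps an .exe extension, "of the same name" means a shared base name, and the sample tree with its `svcdemo` folder is constructed for the demo. The registry entry is not checked here, and any hit is a lead for review rather than proof of infection.

```python
import os
import tempfile
from pathlib import Path

# File names taken from the advisory text.
DROPPED_NAMES = {"logger.php", "settings.in"}

def triage(windows_dir):
    """Return sorted (reason, path) findings under a Windows folder."""
    findings = []
    root = Path(windows_dir)
    # 1. The two dropped file names, anywhere under the tree (case-insensitive).
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in DROPPED_NAMES:
                findings.append(("dropped-file-name", str(Path(dirpath, name))))
    # 2. Direct subfolders holding an .exe and a .dll that share a base name.
    #    Assumption: the copy keeps an .exe extension; the advisory does not say.
    for sub in sorted(p for p in root.iterdir() if p.is_dir()):
        stems = {}
        try:
            for f in sub.iterdir():
                if f.is_file():
                    stems.setdefault(f.stem.lower(), set()).add(f.suffix.lower())
        except OSError:
            continue  # unreadable folder on a live system: skip it
        for stem, exts in sorted(stems.items()):
            if {".exe", ".dll"} <= exts:
                findings.append(("exe-dll-pair", str(sub / stem)))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample layout; folder and file names are invented for the demo."""
    base = Path(base)
    layout = {
        "System32": ["kernel32.dll", "notepad.exe"],  # no matching pair
        "svcdemo": ["svcdemo.exe", "svcdemo.dll", "settings.in", "logger.php"],
        "Help": ["readme.txt"],
    }
    for folder, names in layout.items():
        (base / folder).mkdir(parents=True)
        for n in names:
            (base / folder / n).write_bytes(b"")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for reason, path in triage(build_sample_tree(tmp)):
            print(reason, path)
```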



