« previous next »
Pages: [1]

Author Topic: Backdoor Trojan Problem  (Read 4529 times)

0 Members and 1 Guest are viewing this topic.

Offline impss

  • Sr. Member
  • ****
  • Posts: 382
    • View Profile
    • Cusstom.net
Backdoor Trojan Problem
« on: December 12, 2006, 04:40:46 PM »
I have someone that is adding a trojan to my gallery.  :evil:

The trojan is a  PHP.RSTBackdoor file.

And is uploaded with file names like tryag.jpg


Looking at what this Trojan can do:
When PHP.RSTBackdoor is executed, it performs the following actions:

Creates the following files:


/tmp/bdpl
/tmp/back
/tmp/bd
/tmp/bd.c
/tmp/dp
/tmp/dpc
/tmp/dpc.c


Opens a back door via HTTP access. It allows the remote attacker to perform any of the following actions:


Execute shell commands on /bin/bash
Change file permissions
Delete files and directories
Upload files
Edit files
Find files
Show system information
Dump SQL database

Is there anyway to stop these types of files from being uploaded?
Logged

Offline KurtW

  • 4images Guru
  • *******
  • Posts: 2.778
    • View Profile
    • Malediven-Bilder ~~Dreams~~
Re: Backdoor Trojan Problem
« Reply #1 on: December 12, 2006, 05:32:59 PM »
Hi,

change the passwords, delete all the backdoor files,
search your pc apout virus/trojans and update the 4images script to 1.7.4
or include this Security fix
http://www.4homepages.de/forum/index.php?board=17.0


cu
KUrt
Logged

Offline impss

  • Sr. Member
  • ****
  • Posts: 382
    • View Profile
    • Cusstom.net
Re: Backdoor Trojan Problem
« Reply #2 on: December 12, 2006, 06:29:53 PM »
Do u know which Security fix?

I thought i had did them all.

And I dont see any that pertain to Trojan JPGs being uploaded as a regular picture.
Logged

Offline KurtW

  • 4images Guru
  • *******
  • Posts: 2.778
    • View Profile
    • Malediven-Bilder ~~Dreams~~
Re: Backdoor Trojan Problem
« Reply #3 on: December 12, 2006, 07:26:32 PM »
Hi,

when do you made a copy from a site read all...

Code: [Select]
PHP.RSTBackdoor is a back door Trojan that is written in PHPhttp://www.sarc.com/avcenter/venc/data/php.rstbackdoor.html

And:

Quote
Do u know which Security fix?
All for your Version. I dont now about your updates.
Quote
And I dont see any that pertain to Trojan JPGs being uploaded as a regular picture
cant understand you...
-trojan horse is written in php
-you found a image
-from your first post
Quote
Creates the following files:


/tmp/bdpl
/tmp/back
/tmp/bd
/tmp/bd.c
/tmp/dp
/tmp/dpc
/tmp/dpc.c
-now you cant found anything..

And what is the problem now :?: :?:


Kurt
Logged

Offline impss

  • Sr. Member
  • ****
  • Posts: 382
    • View Profile
    • Cusstom.net
Re: Backdoor Trojan Problem
« Reply #4 on: December 12, 2006, 07:38:25 PM »
I know that the trojan is written in php.

But somehow it is embeded into a JPG file, this is how it is being added to my gallery.

I notice it because it does not automatically create a thumbnail for the picture, when I open details I get a pop up from mcafee saying that it has detected this trojan.

This happens on both my work and home computer when, someone uploads one of these types of files.
Logged
Pages: [1]
« previous next »