Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:185 |
| Message | BACKDOOR CDK |
| Summary | CDK is a Trojan Horse offering the attacker control of the victim host. This event is generated when an attacker connects to a victim server. |
| Impact | Possible theft of data and control of the targeted machine leading to a compromise of all resources the machine is connected to. |
| Detailed Information | This Trojan affects the following operating systems: Windows 95 Windows 98 Windows ME Windows NT Windows 2000 Windows XP |
| Affected Systems | |
| Attack Scenarios | This Trojan may be delivered to the target in a number of ways. This event is indicative of an existing infection being activated. Initial compromise can be in the form of a Win32 installation program that may use the extension ".jpg" or ".bmp" when delivered via e-mail for example. |
| Ease of Attack | This is Trojan activity, the target machine may already be compromised. Updated virus definition files are essential in detecting this Trojan. |
| Corrective Action | Restore a previously known good copy of the registry. A reboot of the infected machine is recommended. |
| Additional References | Whitehats arachNIDS http://www.whitehats.com/info/IDS263 |
| Rule References | arachnids: 263 |
--
DID:245545
--
http://www.aanval.com/