Discovered: April 27, 2004
Updated: February 13, 2007 12:22:09 PM
Type: Trojan Horse
Systems Affected: Windows 95, Windows 98, Windows NT, Windows XP
Backdoor.Mipsiv is a Trojan horse that connects to an IRC server and allows an attacker to preform keylogging and network scanning functions.
Notes:
- Symantec Security Response recommends that you block access to TCP port 443 at the firewall level, if the port is not being used. However, this will prevent applications from using this port, such as those that use SSL, TLS, and HTTPS protocols.
- The presence of this threat may indicate that the system was compromised by an exploitation of the SSL PCT Windows vulnerability. It is recommended that the MS04-011 patch be applied to protect against possible exploitation of this vulnerability. Additionally, the PCT protocol can be disabled by following the instructions found in the following Microsoft KB document.
Protection
-
Initial Rapid Release version April 28, 2004
-
Latest Rapid Release version August 20, 2008 revision 017
-
Initial Daily Certified version April 28, 2004
-
Latest Daily Certified version August 20, 2008 revision 016
-
Initial Weekly Certified release date April 28, 2004
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: 0 - 49
-
Number of Sites: 0 - 2
-
Geographical Distribution: Low
-
Threat Containment: Easy
-
Removal: Moderate
Damage
Distribution
Writeup By: Scott Gettis
