www.esecurityplanet.com/alerts/article.php/3806121
Back to Article
2/23: DelfInj-B Trojan Gives Remote Intruder System Access, Control
By Esther Shein
February 23, 2009
Back to Article
2/23: DelfInj-B Trojan Gives Remote Intruder System Access, Control
By Esther Shein
February 23, 2009
Troj/DelfInj-B is a Trojan for the Windows platform.
Troj/DelfInj-B runs continuously in the background, providing a backdoor server that allows a remote intruder to gain access and control over the computer via IRC channels.
When first run Troj/DelfInj-B copies itself to Systemcsrcs.exe.
The following registry entry is created to run csrcs.exe on startup:
HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun
Client Server
Systemcsrcs.exe
More information can be found at this Sophos page.