Backdoor.Hesive
Date : October 06, 2005
It has been observed that a Trojan Horse called Backdoor.Hesive (alias BackDoor-CUX) is spreading in the wild.
The Trojan arrives through a Microsoft Access file that exploits the Malformed Database File Buffer Overflow Vulnerability reported in Microsoft Jet Database Engine (described in CERT-In Vulnerability Note CIVN-2005-93). The exploit for this vulnerability is identified as Trojan Exploit-MSJet.gen by McAfee.
Backdoor.Hesive opens a back door on the compromised computer and allows a remote attacker to access that system.
Users are advised to maintain and update their antivirus systems and implement the workarounds suggested in CIVN-2005-93.
For further details and instructions regarding disinfection, refer to the following URLs:
References:
http://vil.nai.com/vil/content/v_136371.htm
http://vil.nai.com/vil/content/v_133104.htm
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hesive.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=A2KM%5FHESIB%2EA
http://cert-in.org.in/vulnerability/civn-2005-93.htm
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91 11-24368572
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
