W32/Bo2K.Plugin.*
Analysis
- The threat is a component of an installed remote access Trojan known as W32/Bo2K, also known as Back Orifice 2000
- Components are typically packaged within an installation for BO2K; the installation is commonly Trojan in nature, in that the file is misrepresented so that the user may install the program based on its file name or icon association; this type of misrepresentation is also known as social engineering
- The components function in different ways; some allow integration of traffic encryption such as CAST, RC6 or IDEA, while others function as a notification module to alert hackers that someone has been infected with the W32/Bo2K server
- Below are some of the components, as detected:
W32/Bo2K.Plugin.BOred.dll
W32/Bo2K.Plugin.Cast
W32/Bo2K.Plugin.Cast.A
W32/Bo2K.Plugin.Cast.B
W32/Bo2K.Plugin.Cast.C
W32/Bo2K.Plugin.Cast.D
W32/Bo2K.Plugin.Cast.F
W32/Bo2K.Plugin.Cast.G
W32/Bo2K.Plugin.IDEA-Encrypt.dll
W32/Bo2K.Plugin.RC6
W32/Bo2K.Plugin.Serpent
W32/Bo2K.Plugin.SilkRope
W32/Bo2K.Plugin.Stcpio
W32/Bo2K.Plugin.Tools
W32/Bo2K.Butt_Trumpet
W32/Bo2K.Butt_Trumpet.2000