About: Bifrost (Trojan horse)

An Entity of Type : yago:Virus106585816, within Data Space : dbpedia.org associated with source document(s)

Bifrost is a backdoor trojan horse family of more than 10 variants which can infect Windows 95 through Windows 10 (although on modern Windows systems, after Windows XP, its functionality is limited). Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine (which runs the server whose behavior can be controlled by the server editor). The TCP connection is encrypted with a password (default: "pass"), but this can be changed as well.

Attributes | Values
rdf:type
rdfs:label
  • Bifrost (Trojan horse) (en)
rdfs:comment
  • Bifrost is a backdoor trojan horse family of more than 10 variants which can infect Windows 95 through Windows 10 (although on modern Windows systems, after Windows XP, its functionality is limited). Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine (which runs the server whose behavior can be controlled by the server editor). The TCP connection is encrypted with a password (default: "pass"), but this can be changed as well. (en)
foaf:homepage
dcterms:subject
Wikipage page ID
Wikipage revision ID
Link from a Wikipage to another Wikipage
Link from a Wikipage to an external page
sameAs
dbp:wikiPageUsesTemplate
aliases
  • , Backdoor-CKA, Agent.MJ (en)
common name
  • Bifrost (en)
isolation
  • Unknown (en)
IsolationDate
Subtype
Technical name
  • Bifrost (en)
author
  • ksv (en)
classification
family
  • Bifrose (en)
fullname
  • Bifrost trojan horse family (en)
origin
  • Sweden (en)
type
website
has abstract
  • Bifrost is a backdoor trojan horse family of more than 10 variants which can infect Windows 95 through Windows 10 (although on modern Windows systems, after Windows XP, its functionality is limited). Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine (which runs the server whose behavior can be controlled by the server editor).

    The server component (sized around 20–50 kilobytes, depending on variant) is dropped to C:\Program Files\Bifrost\server.exe with default settings and, when running, connects to a predefined IP address on TCP port 81, awaiting commands from the remote user who uses the client component. However, both the installation directory and the TCP port can be changed. The TCP connection is encrypted with a password (default: "pass"), but this can be changed as well.

    It can be assumed that once all three components are operational, the remote user can execute arbitrary code at will on the compromised machine. The server components can also be dropped to C:\Windows and file attributes changed to "Read Only" and "Hidden". Casual users may not see the directories by default due to the "hidden" attributes set on the directory. Some anti-virus programs (for example AVG, 17th Feb 2010) seem to miss the file entirely.

    The server builder component has the following capabilities:
    * Create the server component
    * Change the server component's port number and/or IP address
    * Change the server component's executable name
    * Change the name of the Windows registry startup entry
    * Include rootkit to hide server processes
    * Include extensions to add features (adds 22,759 bytes to server)
    * Use persistence (makes the server harder to remove from the infected system)

    The client component has the following capabilities:
    * Process Manager (Browse or kill running processes)
    * File manager (Browse, upload, download, or delete files)
    * Window Manager (Browse, close, maximize/minimize, or rename windows)
    * Get system information
    * Extract passwords from machine
    * Keystroke logging
    * Screen capture
    * Webcam capture
    * Desktop logoff, reboot or shutdown
    * Registry editor
    * Remote shell

    On December 28, 2005, the Windows WMF exploit was used to drop new variants of Bifrost to machines. Some workarounds and unofficial patches were published before Microsoft announced and issued an official patch on January 5, 2006. The WMF exploit is to be considered extremely dangerous.

    Older variants of Bifrost used different ports, e.g. 1971, 1999; had a different payload, e.g. C:\Winnt\system32\system.exe; and/or wrote different Windows registry keys.

    Bifrost was designed before the introduction of UAC; thus it cannot install itself on modern Windows systems unless it is launched with administrator privileges. (en)
gold:hypernym
prov:wasDerivedFrom
page length (characters) of wiki page
foaf:isPrimaryTopicOf
is Link from a Wikipage to another Wikipage of
is Wikipage redirect of
is Wikipage disambiguates of
is foaf:primaryTopic of