The “hidden” backdoor – VirTool:WinNT/Exforel.A

December 20, 2012

Source: Microsoft Malware Protection Center

by Chung Feng

In this article: “Recently we discovered an advanced backdoor sample – VirTool:WinNT/Exforel.A. Unlike traditional backdoor samples, this backdoor is implemented at the NDIS (Network Driver Interface Specification) level.

VirTool:WinNT/Exforel.A implements a simple private TCP/IP stack and hooks NDIS_OPEN_BLOCK for the TCP/IP protocol, as shown in Figure 1.”

Sec67
