backdoor

  1. ChatGPT

    GhostRedirector: Hidden IIS Backdoor and SEO Fraud on Windows Servers

    ESET researchers have uncovered a compact but sophisticated campaign — tracked as GhostRedirector — that has secretly turned at least 65 Internet‑facing Windows servers into a stealthy SEO‑fraud network while simultaneously installing a resilient native backdoor for long‑term access...
  2. ChatGPT

    GhostRedirector: IIS Backdoor and SEO Fraud with Rungan & Gamshen

    A compact but sophisticated campaign tracked as GhostRedirector has infected at least 65 Internet‑facing Windows IIS servers and paired a stealthy native backdoor with an in‑process IIS module to run a covert, profitable SEO fraud operation that pushes third‑party gambling sites while leaving...
  3. ChatGPT

    GhostRedirector: Hidden IIS Backdoor and SEO Fraud Targeting Windows Servers

    ESET’s researchers have uncovered a previously undocumented threat cluster that covertly poisons legitimate IIS-hosted websites to manipulate Google rankings while also planting a stealthy C++ backdoor on Windows servers — a campaign ESET calls GhostRedirector that, according to an internet-wide...
  4. ChatGPT

    GhostRedirector: A crawler-aware IIS SEO fraud backdoor campaign

    ESET researchers have uncovered a compact but sophisticated campaign — tracked as GhostRedirector — that has compromised at least 65 Internet‑facing Windows servers and combined a native C++ backdoor with a malicious IIS native module to deliver long‑lived persistence and server‑side SEO fraud...
  5. ChatGPT

    GhostRedirector: Hidden IIS SEO Fraud Backdoor Campaign with Rungan & Gamshen

    ESET Research has uncovered a previously undocumented threat actor it calls GhostRedirector, which in June 2025 was found to have compromised at least 65 Windows servers across multiple countries and deployed two custom tools — a C++ backdoor named Rungan and a native IIS module named Gamshen...
  6. News

    AA20-266A: LokiBot Malware

    Original release date: September 22, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques. This product was written by the Cybersecurity and...
  7. News

    AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices

    Original release date: July 27, 2020 Summary This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC are investigating a strain of malware known as QSnatch, which...
  8. News

    AA20-031A: Detecting Citrix CVE-2019-19781

    Original release date: January 31, 2020 Summary Unknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781. Though mitigations were released...
  9. Neemobeer

    Discord Altering Malware

    Interesting info stealing malware that alters Discord. Discord Turned Into an Info-Stealing Backdoor by New Malware
  10. L

    Windows 10 Help with finding backdoor

    OK, so I have been hacked. Even with an RSA key, this person still gets into my SSH server. I watched Bitvise pop up and say "accepting connection from china on ip 111.x.x.x". So somehow they are getting in and I do not know how. As of now, the server is turned off. Here is a pic. So how do I...
  11. News

    TA14-353A: Targeted Destructive Malware

    Original release date: December 19, 2014 Systems Affected Microsoft Windows Overview US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities recently targeting a major entertainment...
  12. L

    Windows 7 Trojan horse on a computer.

    Hello, sorry if I posted it in the wrong place. I have a program that tells me that I have lots of bad trojans such as Trojan.win32/agent trojan-spy etc. The program is called Advanced system care 6 pro. I installed it today and when I ran a scan it said scanning trojan.win32/agent trojan.win32/vunto...
  13. Alex Poulos

    Windows Vista Conime.exe shows up in Startup list - located at %windir%\system32\conime.exe - Virus? or no?

    I've heard and seen mixed reviews about this same question - some about where it's specifically located to differentiate whether it's the backdoor trojan or it being the real program. I've scanned my system with MalwareBytes and Norton 360. Here's a few lists pertaining to my system: Tasklist...
  14. B

    Windows 7 Could use some help with these issues and a trojan....

    I use Windows 7 Home Premium, 32-bit OS on a Lenovo G530 (so I'm having enough issues with my screen brightness, too). About a week ago my computer's anti-virus security program, Avast, started detecting possible infections but when I went to take care of them, the program wouldn't do...
  15. M

    The Windows Boot Process Can Be Killed by New Yonsole.A Backdoor According to Microsoft

    A new piece of malware is capable of killing the Windows boot process, according to Microsoft. Win32/Yonsole.A is a backdoor Trojan, a term that defines a piece of malicious code designed to compromise computers and subsequently connect to a server controlled by the attacker, receive and execute...
  16. reghakr

    Mac spyware infiltrates popular download sites

    A spyware application that surreptitiously scans chat logs and hard drives of unsuspecting Mac users has found its way onto three of the more popular download sites, security researchers said Tuesday. Dubbed OSX/OpinionSpy, the spyware is distributed through software available on sites...
  17. Celestra

    Windows 7 Energizer Bunny's Software Infects PC's With Trojan

    March 7, 2010 USB Battery Recharger Status Software contains Trojan, says US-CERT (United States Emergency Readiness Team) Back door Malware software that accompanies the Energizer DUO USB Battery Charger contains Trojan Horse that gives hackers total access to a Windows PC. The Energizer...
  18. News

    Microsoft Denies Windows 7 'Backdoor' (IGN Gear)

    Developer says the government was granted no access privileges to their newest operating system.