Windows Mite backdoor (WindowsMite_TCP_Response)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, IBM Security Host Protection for Servers (Unix), Proventia Network IPS, Proventia Network IDS, Proventia Network MFS, Proventia-G 1.1 and earlier, IBM Security Host Protection for Desktops, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:

This signature detects a Windows Mite backdoor running on your network. This backdoor is typically seen on port 65530/TCP.


Default risk level

High risk vulnerability  High

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2400, IBM Security Host Protection for Servers (Windows): 1.0.914.0, RealSecure Server Sensor: XPU 22.37, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Network IPS: XPU 1.42, Proventia Network IDS: XPU 22.37, Proventia Network MFS: XPU 1.37, Proventia-G 1.1 and earlier: XPU 22.37, IBM Security Host Protection for Desktops: 8.0.614.1, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 1.0

Systems affected

Microsoft Windows

Type

Unauthorized Access Attempt

Vulnerability description

Windows Mite, also known asBackdoor.WindowsMite.10, Backdoor.WindowsMite.10 Backdoor.WinMite and BackDoor-EB, is a backdoor Trojan affecting Microsoft Windows operating systems. The backdoor uses a client/server relationship, where the server component is installed in the victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 65530, to allow the client system to connect. Windows Mite backdoor could allow a remote attacker to gain unauthorized access to the system.

How to remove this vulnerability

Use an up-to-date antivirus program to determine if the target computer is host to a backdoor program. If the program detects a backdoor, follow its instructions to disinfect and repair the computer.

References

PestPatrol Web site
Windows Mite 1.0
http://pestpatrol.com/pestinfo/w/windows_mite_1_0.asp

ISS X-Force
Windows Mite backdoor
http://www.iss.net/security_center/static/17479.php