Windows Mite backdoor (WindowsMite_TCP_Response)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, IBM Security Host Protection for Servers (Unix), Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network IPS, IBM Security Host Protection for Desktops, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:

This signature detects a Windows Mite backdoor running on your network. This backdoor is typically seen on port 65530/TCP.


Default risk level

High

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2400, IBM Security Host Protection for Servers (Windows): 1.0.914.0, RealSecure Server Sensor: XPU 22.37, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Network MFS: XPU 1.37, Proventia-G 1.1 and earlier: XPU 22.37, Proventia Network IDS: XPU 22.37, Proventia Network IPS: XPU 1.42, IBM Security Host Protection for Desktops: 8.0.614.1, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 1.0

Systems affected

Microsoft Windows

Type

Unauthorized Access Attempt

Vulnerability description

Windows Mite, also known as Backdoor.WindowsMite.10, Backdoor.WinMite and BackDoor-EB, is a backdoor Trojan affecting Microsoft Windows operating systems. The backdoor uses a client/server relationship, where the server component is installed on the victim's system and the remote attacker controls the client. The server attempts to open a port, typically TCP port 65530, to allow the client system to connect. The Windows Mite backdoor could allow a remote attacker to gain unauthorized access to the system.
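A host-side triage check for the listener described above, as an added example that is not part of the original advisory or of any IBM sensor: it parses `netstat -ano` output and reports processes listening on TCP port 65530 together with the sessions they have accepted. The sample output, addresses, PIDs and function names are constructed for illustration, and a hit is a lead for the antivirus scan rather than proof of infection, since the port is only the typical one.

```python
import re

MITE_PORT = 65530  # port this advisory names as typical; an assumption, not a guarantee

# Constructed `netstat -ano` output for illustration (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:65530          0.0.0.0:0              LISTENING       2412
  TCP    192.0.2.10:65530       198.51.100.7:49233     ESTABLISHED     2412
  TCP    192.0.2.10:49801       203.0.113.5:65530      ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:65530          *:*                                    1500
"""

# TCP rows only: local address:port, foreign address, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")


def parse_tcp_rows(netstat_text):
    """Yield (local_port, peer, state, pid) for every TCP row."""
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            _, lport, peer, state, pid = m.groups()
            yield int(lport), peer, state, int(pid)


def find_port_activity(netstat_text, port=MITE_PORT):
    """Return listeners on `port` and the sessions those listeners accepted."""
    rows = list(parse_tcp_rows(netstat_text))
    listener_pids = sorted({pid for lport, _, state, pid in rows
                            if lport == port and state == "LISTENING"})
    # 65530 lies inside the Windows dynamic port range (49152-65535), so an
    # ESTABLISHED row with that local port only counts when the owning
    # process also listens on it; otherwise it may be an outbound socket.
    sessions = [(peer, pid) for lport, peer, state, pid in rows
                if lport == port and state == "ESTABLISHED" and pid in listener_pids]
    return {"listener_pids": listener_pids, "sessions": sessions}


if __name__ == "__main__":
    print(find_port_activity(SAMPLE_NETSTAT))
```

On a live host, pass the text of `netstat -ano` to `find_port_activity` and map any reported PID to its executable before scanning.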

How to remove this vulnerability

Use an up-to-date antivirus program to determine if the target computer is host to a backdoor program. If the program detects a backdoor, follow its instructions to disinfect and repair the computer.

References

PestPatrol Web site
Windows Mite 1.0
http://pestpatrol.com/pestinfo/w/windows_mite_1_0.asp

ISS X-Force
Windows Mite backdoor
http://www.iss.net/security_center/static/17479.php