
My Door

Posted: March 28, 2006

Mydoor is a backdoor Trojan that may be used in attacks against various non-profit organizations, corporations and governments in Asia, Europe and North America. Besides opening a backdoor through which third parties may control your computer, Mydoor also includes spyware functions that may collect information. PCs considered at risk for Mydoor attacks should be monitored carefully for e-mail security breaches, since e-mail-based attacks are a favorite infection method for Axiom, a group of hackers well known for their connections with Mydoor and other Trojans of equal notoriety.

One of the Many Doorways for Chinese Hackers to Assault Your PC

Mydoor, AKA Moudour or Gh0st, is a RAT distributed largely by e-mail, a characteristic that holds true for many (but not all) Axiom-derived threats. E-mail messages may disguise Mydoor installers as legitimate Microsoft Word or Excel documents, and may include political or business-related subject matter specific to their targets. The exploits used to install Mydoor may include zero-days, which allow attacks to succeed before any security patch that might stop them has been produced.

Readers who open these attachments are shown legitimate articles or spreadsheets while Mydoor or related Trojans install in the background. Once Mydoor is fully functional, it gives third parties remote server-based access to the infected PC. This access includes the ability to rename files, delete files, modify file attributes (such as their visibility), issue system changes through a command line or browse system information. Malware experts also pointed out some data theft-specific attacks from Mydoor:

  • Mydoor may monitor your webcam feed and turn the device on automatically.
  • Mydoor may record keyboard-typed information, an attack known as 'keylogging,' where the typed information is recorded to a log that third parties may browse.
  • Mydoor also may be set to take screen captures at specific intervals or under various prerequisite conditions.

Keeping the Door to Your Hard Drive Tightly Shut

Both Mydoor and many of the other Trojans distributed by Axiom require the victim to open an e-mail attachment willingly. However, other distribution methods do not necessarily depend on that cooperation, and have been known to use hacked websites as distribution points using other tactics. While e-mail safety protocols always are commendable, using strong browser security, including disabling unneeded scripts, also may reduce the attack points for installing Mydoor. Actual symptoms of a Mydoor attack, post-installation, are minimal, and Mydoor even may be instructed to uninstall itself to thwart any casual detection attempts.

Mydoor and other byproducts of the Gh0st construction kit may be used by multiple parties, particularly considering that the latter kit is available freely online (for people who know where to search for it). While Mydoor attacks related to Axiom are, without a doubt, its most well-publicized campaigns, even casual PC users will want to have anti-malware tools available for finding or deleting Mydoor infections.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 myclie.c
    2 mydoor.c