Remove Ingreslock Backdoor and Lock TCP 1524

Security reports have appeared regarding a network vulnerability identified as the Ingreslock backdoor. Ingreslock itself is a legitimate service that locks parts of an Ingres database and listens on TCP port 1524 (Transmission Control Protocol). What is troublesome is that port 1524 is often used by Trojans as a backdoor into a system.

Name: Ingreslock Backdoor
Type: Backdoor
Short Description: A legitimate service that uses port 1524. TCP 1524 is often used by Trojans as a backdoor.
Symptoms: Not known yet.
Distribution Method: Not known yet.

What Is Ingres Database?

Ingres Database is a commercially supported, open-source SQL relational database management system which supports big commercial and government programs. Being open-source, Ingres Database has a large community of contributors. Actian Corporation, however, controls the development of Ingres and makes certified binaries available for download, and provides worldwide support.


Ingreslock Backdoor Technical Review

As already said, the Ingreslock port (1524/TCP) may be used as a backdoor by various programs, which may exploit RPC (remote procedure call) services. According to security experts, the Ingreslock backdoor may be used as an intentional backdoor by malicious actors to obtain access to a system: they only need to connect to the port, and they will be logged in with the same privileges as the user running the service.

A researcher has analyzed a unique attack carried out with the help of the Ingreslock port 1524/TCP. The rootkit that was installed during the malicious operation contained:

trojaned binaries, a couple of DoS tools, Solaris patches, an sshd backdoor, a log cleaner, a sniffer, a file resizer, and a psyBNC binary.

This set of tools could have been applied in various malicious operations, including targeted network attacks.


Backdoors, in general, are used to bypass regular authentication in software products and operating systems. In the hands of malicious actors, backdoors are deployed to gain unauthorized access to a victim’s system. In the current state of cybercrime, backdoors are often used in ransomware attacks. Basically, if a backdoor is open on a system, any malware can enter at any time.

Apart from the attack scenarios described above, a McAfee user has reported seeing Chrome processes that show the ports “ingreslock” and “pptp”. The interesting thing is that the user says he doesn’t have Ingres Database installed:

I have Tcpview running from startup, and today I noticed something I’ve not seen before. Tcpview showed the local ports being used for two Chrome processes not as numbers but as “ingreslock” and “pptp”. I should have taken a screenshot, because after a couple of minutes – while I was busy Googling to find out what these new things were – the processes ended and vanished from the list.[…] Note, I do not have an Ingres database.

If you have witnessed similar activity in any of your browsers, you should consider immediately scanning your system to make sure it isn’t compromised by a backdoor.

For now, there is no official explanation as to why these processes appear in systems that don’t have Ingres. We will keep you updated.

Ingreslock Backdoor TCP 1524 Mitigation

Besides running a full system scan, users who suspect that a backdoor has sneaked into their systems should block TCP port 1524 at the firewall. A method to do so has been suggested by RWB NetSec.

Then, use a powerful anti-malware utility to determine whether your system is compromised or protected.
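The names the McAfee user saw come from the system's services file, which tools such as TCPView and netstat use to print a service name instead of a port number. The following added example (written for this article, not code from the article, from TCPView or from any product it mentions) parses a constructed services-file excerpt, resolves names like "ingreslock" back to their port numbers, and flags any socket in constructed netstat-style output that is bound to TCP 1524, so a suspicious listener can be identified before the port is blocked at the firewall.

```python
# Constructed services-file excerpt (same format as Linux /etc/services and Windows
# %SystemRoot%\System32\drivers\etc\services); TCPView prints these names, not numbers.
SERVICES_EXCERPT = """\
# service-name   port/protocol   [aliases]   # comment
ingreslock       1524/tcp                    # Ingres lock service
pptp             1723/tcp                    # Point-to-Point Tunnelling Protocol
http             80/tcp          www         # World Wide Web
"""

# Constructed netstat-style lines with service names, as TCPView would show them.
# The Chrome entries mirror the report quoted in the article; the last line is a
# hypothetical local Ingres process on its normal port, included for contrast.
SAMPLE_CONNECTIONS = """\
TCP  0.0.0.0:ingreslock  0.0.0.0:0           LISTENING    4120  chrome.exe
TCP  192.0.2.10:51234    198.51.100.7:https  ESTABLISHED  4120  chrome.exe
TCP  0.0.0.0:pptp        0.0.0.0:0           LISTENING    4120  chrome.exe
TCP  127.0.0.1:1524      127.0.0.1:52001     ESTABLISHED  880   ingres_demo.exe
"""

WATCHED_PORTS = {1524}  # the Ingreslock port discussed in the article

def parse_services(text):
    """Map (service name or alias, protocol) -> port number from services-file text."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        port, proto = fields[1].split("/")
        for alias in [fields[0]] + fields[2:]:   # canonical name plus aliases
            table[(alias, proto)] = int(port)
    return table

def port_number(token, services, proto="tcp"):
    """Resolve the port part of 'addr:port', whether numeric or a service name."""
    return int(token) if token.isdigit() else services.get((token, proto))

def find_suspect_sockets(netstat_text, services, watched=WATCHED_PORTS):
    """Return (pid, process, local port, state) for every socket on a watched port."""
    hits = []
    for line in netstat_text.splitlines():
        proto, local, remote, state, pid, proc = line.split()
        local_port = port_number(local.rsplit(":", 1)[1], services, proto.lower())
        if local_port in watched:
            hits.append((int(pid), proc, local_port, state))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_sockets(SAMPLE_CONNECTIONS, parse_services(SERVICES_EXCERPT)):
        print("pid %d (%s) has a %s socket on port %d" % (hit[0], hit[1], hit[3], hit[2]))
```

On a real machine, feed the output of `netstat -ano` (Windows) or `ss -tnap` (Linux) into the same checker after adapting the column layout; a browser process listening on 1524 is the kind of finding that warrants the full scan described above.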


Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
