One cause of these traps is the use of the fetch function (code-forking) in an attempt to carry out the read-modify-write operation. What can trigger a trap is the condition of the address register, which may be that of the address register or of the stack pointer.
Programming errors can include an insufficient check to ensure that data will not be truncated, which can go undetected by reading the application's data rather than the pointer to it. Such errors can be due to a lack of testing, code complexity, the use of outdated languages or development tools, or other issues.
Backdoor Command-Fasji is a generic backdoor command using the same scheme as that used by the interceptor trojan, with the main difference being that, whereas rundll32 is used to open a backdoor connection and execute the initial payload, cmd is used. Some variants of Dasong were found to use a slightly different command, most notably Backdoor_501.
Due to the use of the HTAEMNG protocol in this attack variant, the main infection point is the router. In order to minimize the risk of network disruption to the victim, the attacker uses several backdoors to ensure they can continue to execute through the infected router in case it reboots. Each backdoor is designed to trigger on different events, and the infections can be chained together to create a continuous system compromise.