I won’t say too much about this backdoor, it basically happens on your router/gateway which accepts a TCP connection on port 32764 Eloi Vanderbeken @elvanderb found this vulnerability last year in December and even though Netgear and Dlink have stated it’s *patched* they actually just disabled it.
I’ve made a small .NET tool which checks to see if you actually are vulnerable to this backdoor the source code can be found on github for those paranoid people -_-
Download:
http://cra0kalo.com/public/TCP32764_Tool.zip
http://github.com/cra0kalo/TCP32764
Further reading and resources:
http://github.com/elvanderb/TCP-32764
http://www.dropbox.com/s/e26s0udwf58idbh/TCP32764_backdoor_again.pdf
