Researchers discovered a backdoor-opening malware that uses a “magic code” in order to start communication with the same IP address and port once the C&C server instructs it to do so. The attackers gain permanent access to the machine once the account is created.
Source: http://www.netsecurity.org/malware_news.php?id=2471&utm_source=feedly&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29