BKDR_AGENT.ADGS
Overview

Malware type: Backdoor

Aliases: Backdoor.Win32.Agent.dll (Kaspersky), BackDoor-CIT (McAfee), Trojan Horse (Symantec), TR/Dropper.Gen (Avira), Troj/Bckdr-QKP (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: Yes

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: Low

Description: 

This backdoor may be dropped by other malware, specifically TROJ_PPDROP.K. It may also be downloaded unknowingly by a user when visiting malicious Web sites.

This backdoor is injected into a process running in memory. It then creates a registry entry to enable its automatic execution at every system startup.

This backdoor allows a remote user to obtain files from an affected system. It accesses a remote site to allow a remote malicious user to connect to the affected system. Once a successful connection is established, the remote user is able to execute commands on the affected system.

It drops a non-malicious file into which it saves gathered information. It then sends the gathered information to a predetermined email address using its own Simple Mail Transfer Protocol (SMTP) engine.


Description created: Dec. 29, 2007 5:21:28 AM GMT -0800
