Backdoor.Trojan

Risk Level 1: Very Low

  • Discovered: February 11, 1999
  • Updated: May 6, 2002 3:37:23 PM
  • Type: Trojan
  • Infection Length: Varies
  • Systems Affected: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

Backdoor.Trojan is a detection name used by Symantec to identify malicious software programs that share the primary functionality of enabling a remote attacker to have access to or send commands to a compromised computer.

As the name suggests, these threats provide a covert channel through which a remote attacker can access and control a computer. The Trojans vary in sophistication, from those that allow only limited functions to be performed to those that allow almost any action to be carried out, letting the remote attacker take almost complete control of the computer.

A computer with a sophisticated back door program installed may also be referred to as a "zombie" or a "bot". A network of such bots may often be referred to as a "botnet". Botnets have been well publicized in the news over the years, with different instances being given specific names such as Kraken, Mariposa, or Kneber, along with claims of hundreds of thousands of nodes belonging to certain networks.

Typical back door capabilities may allow a remote attacker to:
  • Collect information (system and personal) from the computer and any storage device attached to it
  • Terminate tasks and processes
  • Run tasks and processes
  • Download additional files
  • Upload files and other content
  • Report on status
  • Open remote command line shells
  • Perform denial of service attacks on other computers
  • Change computer settings
  • Shut down or restart the computer

Backdoor Trojan horse programs have become increasingly popular amongst malware creators over the years because of the shift in motivation from fame and glory to money and profit. In today's black market economy, a computer with a back door can be put to work performing various criminal activities that earn money for its controllers. Schemes such as pay per install, sending spam emails, and harvesting personal information and identities are all ways to generate revenue.

If a Symantec antivirus product displays a detection alert for this threat, it means the computer is already protected and the Symantec product will effectively remove this threat from the computer.

Antivirus Protection Dates

  • Initial Rapid Release version February 11, 1999
  • Latest Rapid Release version November 24, 2014 revision 009
  • Initial Daily Certified version February 11, 1999
  • Latest Daily Certified version November 23, 2014 revision 001
  • Initial Weekly Certified release date February 17, 1999

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Payload: Opens a back door

Distribution

  • Distribution Level: Low
Writeup By: Hon Lau
