The Trojan may be dropped by exploiting an existing vulnerability.
Backdoor.Hadmad is a back door Trojan that is written in server side script, such as PHP or JSP. It runs only on HTTP and is executed by a remote attacker.
When the Trojan is executed, it opens a back door on the compromised computer, allowing an attacker to perform the following actions:
- List, copy, modify, and delete files
- Execute shell scripts
- Manage databases
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":