BKDR_PERLBOT.SMM

 Analysis by: Erika Bianca Mendoza

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Backdoor

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

This backdoor may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites.

  TECHNICAL DETAILS

File Size:

29601 bytes

File Type:

Other

Memory Resident:

No

Initial Samples Received Date:

16 Sep 2010

Payload:

Compromises system security

Arrival Details

This backdoor may be downloaded by other malware/grayware/spyware from remote sites.

It may be unknowingly downloaded by a user while visiting malicious websites.

NOTES:
This is Trend Micro's detection for backdoor trojans written using Perl Script. It connects to a remote IRC server to listen and wait for commands coming from a malicious user. Once successfully connected, it can perform a number of routines including:

  • Upload/Download files
  • Execute files
  • Denial of Service attack

  SOLUTION

Minimum Scan Engine:

8.900

Step 1

For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.

Step 2

Search and delete the file detected as BKDR_PERLBOT.SMM

[ Learn More ]
Please make sure you check the Search Hidden Files and Folders checkbox in the More advanced options option to include all hidden files in the search result.


Did this description help? Tell us how we did.