Analysis by: Anthony Joe Melgarejo

 PLATFORM:

Windows, Linux

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Backdoor

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

This backdoor may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites.

  TECHNICAL DETAILS

File Size: 29601 bytes
File Type: Other
Memory Resident: No
Initial Samples Received Date: 16 Sep 2010

Arrival Details

This backdoor may be downloaded by other malware/grayware/spyware from remote sites.

It may be unknowingly downloaded by a user while visiting malicious websites.

NOTES:

This is the Trend Micro detection for malware written using Perl Script. It connects to a remote Internet Relay Chat (IRC) server to listen and wait for commands coming from a malicious user. Once successfully connected, it can perform a number of routines including:

  • Denial of service attack
  • Execute files
  • Upload/download files

  SOLUTION

Minimum Scan Engine: 9.700

Step 1

Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.

Step 2

Search and delete the file detected as PERL_SHELBOT.SMM

[ Learn More ]
Please make sure you check the Search Hidden Files and Folders checkbox in the More advanced options option to include all hidden files in the search result.


Did this description help? Tell us how we did.