BackDoor-AWQ.b
Posted by: jasn [ITS Security] under Virus
June 2, 2009
Virus Notification/Information:
Source: McAfee (Outside Link)
Type: Trojan
Aliases: Trojan Horse [Symantec], Mal/GrayBird-B [Sophos], BackDoor-AWQ.b [McAfee], Backdoor.Win32.Hupigon.ewzk [Kaspersky], Win32/Pigeon.AZLP [CA AV], Backdoor:Win32/Hupigon.gen [MS OneCare]
Platform: Windows
Distribution potential: Low
Reported infections: Medium
Damage potential: Low
Overall risk rating: Low
Method(s) of Infection:
An HTML email message intended to download and execute this trojan is known to have been spammed to users.
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include internet chat, peer-to-peer networks, newsgroup postings, email, etc.
Description:
An email message constructed to download and execute the trojan is known to have been spammed to users. The spammed message is constructed in HTML format. It is likely to have a random subject line, and its body is likely to show a head-and-shoulders portrait of a woman (loaded from a remote server when the message is viewed):

The body contains HTML tags that load a second file from a remote server. That file is a MIME archive (.mht) and contains the remote access trojan, base64 encoded.
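As an added example (not part of the McAfee advisory), the following script shows how a defender can inspect such a MIME web archive offline for base64-encoded parts that decode to a Windows executable, whatever content type the part declares; the archive, host name and payload below are constructed placeholders, not the real sample.

```python
# Added example (not from the McAfee advisory): inspect a MIME (.mht) web archive
# for embedded base64 parts that decode to a Windows executable (MZ header).
# The sample archive below is constructed for the demo; the payload is a
# harmless placeholder that only starts with the "MZ" magic, not real malware.
import base64
from email import policy
from email.parser import BytesParser

# Constructed sample .mht: an HTML part plus a base64 part whose declared
# content type says nothing about the PE-style payload. Host name is a placeholder.
SAMPLE_MHT = b"""\
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_demo"

------=_demo
Content-Type: text/html; charset="utf-8"
Content-Location: http://example.invalid/member/index.mht

<html><body><img src="portrait.jpg"></body></html>
------=_demo
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Content-Location: http://example.invalid/member/update.dat

""" + base64.b64encode(b"MZ\x90\x00" + b"\x00" * 60) + b"""
------=_demo--
"""

PE_MAGIC = b"MZ"  # DOS stub magic that every Windows PE file begins with


def find_executable_parts(mht_bytes):
    """Return (content_location, content_type, size) for every MIME part whose
    decoded body starts with the 'MZ' magic, regardless of declared type."""
    msg = BytesParser(policy=policy.default).parsebytes(mht_bytes)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_payload(decode=True) undoes base64/quoted-printable transfer encoding
        body = part.get_payload(decode=True) or b""
        if body.startswith(PE_MAGIC):
            hits.append((part.get("Content-Location"),
                         part.get_content_type(), len(body)))
    return hits


if __name__ == "__main__":
    for loc, ctype, size in find_executable_parts(SAMPLE_MHT):
        print(f"executable payload in MIME part {loc} (declared {ctype}, {size} bytes)")
```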
Additional Info:
The spammed message contains links to the image and the encoded trojan at the following server:
http://ns1.jilinfarm.com/member/(blocked)/index.mht
Outgoing HTTP traffic will be seen from the victim machine to the following server, for example:
http://shaowenqi.3322.org
