Infected with Backdoor Bifrose?
The Backdoor Bifrose application opens ports to facilitate remote access to the computer.
The Backdoor Bifrose program creates a connection that allows remote users to install a Remote Access Tool (RAT) application. This RAT program provides a server-to-client connection between the computer and the remote systems. The server component receives and executes commands given by a remote user. The client component is the application the remote user uses to send commands. The server component connects to a preconfigured Internet Protocol (IP) address through an opened port. The program opens unused ports on which it waits for commands issued by the remote user. The remote user can start sending commands once the server-client connection is established. The commands include uploading, downloading and deleting files stored on the computer. Surveillance tools may also collect personal information over the connection established by this application.
The server component installed by the RAT application may have the capability to change the port and IP address used by the Backdoor Bifrose program. The application uses a rootkit application to change its executable file name and its Windows registry startup value. Rootkit tools may also disable anti-malware programs and hide the program's processes. This makes the application difficult to detect or terminate.
The client component of the RAT program may send commands to browse and terminate currently running processes, manage files, close and open windows, gather system information, extract passwords and usernames, and log keystrokes typed on the computer.
This program reputedly creates the file system.exe upon execution and saves it in the system folder. The program also generates the encrypted file plugin1.dat in the system directory. The Backdoor Bifrose application also adds new startup registry entries so that the program executes on every Windows startup.
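A triage check for the artifacts named above, added here as an example and not taken from the original page. It assumes the system folder is available as a directory path (for instance from a mounted disk image) and that startup registry values have already been exported into a name-to-command mapping; the function names and all sample data are constructed for illustration.

```python
import ntpath
import os
import tempfile

# File names the page attributes to Backdoor Bifrose; both land in the system folder.
ARTIFACT_NAMES = {"system.exe", "plugin1.dat"}

def find_artifacts(system_dir):
    """List artifact files in system_dir, matching case-insensitively because a
    Windows volume mounted on another OS for offline triage is case-sensitive."""
    return sorted(n for n in os.listdir(system_dir) if n.lower() in ARTIFACT_NAMES)

def command_executable(command):
    """Extract the executable path from a startup value's command line."""
    command = command.strip()
    if command.startswith('"'):                      # quoted path, may hold spaces
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")               # unquoted: cut after first .exe
    return command[:end + 4] if end != -1 else command.split(" ", 1)[0]

def suspicious_run_values(run_values):
    """Return the names of startup values whose command launches system.exe."""
    return sorted(name for name, command in run_values.items()
                  if ntpath.basename(command_executable(command)).lower() == "system.exe")

def demo():
    """Run both checks on constructed sample data (not taken from a real host)."""
    with tempfile.TemporaryDirectory() as system_dir:
        for name in ("System.EXE", "plugin1.dat", "notepad.exe"):
            open(os.path.join(system_dir, name), "wb").close()
        files = find_artifacts(system_dir)
    run_values = {                                   # constructed startup entries
        "Updater": r'"C:\Program Files\Vendor\update.exe" /silent',
        "SysSvc": r"%SystemRoot%\system32\system.exe -s",
        "Helper": r'"C:\WINDOWS\system32\SYSTEM.EXE"',
    }
    return files, suspicious_run_values(run_values)

if __name__ == "__main__":
    print(demo())
```

Because the rootkit component described above can change the executable file name and the registry startup value, an empty result from these name-based checks does not rule out an infection.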
This application was first detected on October 12, 2004. The program is also known as:
* and Bifrost 1.2.1.
|Threat Level: Severe Risk|
|Records personal data / keystrokes|
|Hijacks internet browser|
|Allows remote influence|
|Downloads unsolicited files|
|Disables programs / system|
|Makes unauthorized phone calls|
|Exploits a security flaw|
|Floods internet connection|
|Tracks browsing activity with installed applications|
|Tracks browsing activity with cookies|
|Installs without user consent|
|Inadequate uninstall procedures|
|Insufficient privacy disclosure and consent|
|Uses excessive system resources|
|Makes fraudulent claims about spyware detection and removal|
|Performs Silent Updates|