Backdoor.Cloworm
First posted on 18 February 2016.
Source: Symantec
Aliases:
There are no other names known for Backdoor.Cloworm.
Explanation:
The Trojan may arrive on the compromised computer as a .DLL file after being dropped by a dropper.
The Trojan opens a back door on the compromised computer, and connects to one of the following locations:
The Trojan may collect the following information and send it to a remote location:
Computer name
IP address
The Trojan may perform the following actions:
Create a remote shell
Download files
Execute files
Upload files

Last update 18 February 2016