
Backdoor.Owashell


First posted on 15 October 2015.
Source: Symantec

Aliases:

There are no other names known for Backdoor.Owashell.

Explanation:

The Trojan is known to exist on Outlook Web App (OWA), a webmail component of Microsoft Exchange Server.

When the Trojan's malicious .DLL file is loaded by OWA, it creates the following file:
[DRIVE LETTER]\log.txt

The Trojan attempts to steal the following information:
- Time
- User Host Address
- Username
- Password
- User Agent

The Trojan encrypts the stolen information and stores it in the following file:
[DRIVE LETTER]\log.txt

The Trojan opens a back door on the compromised computer.

The Trojan may then perform the following actions:
- Access the currently available disk drives and web root path
- Access directory information
- Read from or write to files
- Delete, copy, move, or create directories or files
- Send stolen information to the attacker
- Update the creation, last write, or last access times of files or directories
- Download and execute files
- Access SQL DB information
- Execute SQL DB queries
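
A triage check for the `log.txt` artifact described above, as an added example that is not part of the original write-up or any vendor tooling. It looks for the file at each drive root (or at the root of a mounted image) and uses byte entropy as a rough signal of encrypted content; the threshold and function names are assumptions made for this example.

```python
import math
import os
import string
from collections import Counter
from typing import Optional

ARTIFACT_NAME = "log.txt"   # file name given in the write-up, at the drive root
ENTROPY_THRESHOLD = 7.0     # assumption: bits/byte; tune for your environment
SAMPLE_BYTES = 64 * 1024    # read only the head of large files


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage_root(root: str) -> Optional[dict]:
    """Return a finding for <root>/log.txt, or None if it does not exist."""
    path = os.path.join(root, ARTIFACT_NAME)
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        sample = fh.read(SAMPLE_BYTES)
    entropy = shannon_entropy(sample)
    info = os.stat(path)
    return {
        "path": path,
        "size": info.st_size,
        "entropy": round(entropy, 2),
        # Heuristic only: short or text-encoded ciphertext scores lower.
        "looks_encrypted": entropy >= ENTROPY_THRESHOLD,
        # The write-up says the backdoor can alter file times, so treat
        # this value as a lead, not as evidence of when the file appeared.
        "mtime": info.st_mtime,
    }


def drive_roots() -> list:
    """Existing Windows drive roots (A:\\ to Z:\\); empty on other systems."""
    roots = [f"{letter}:\\" for letter in string.ascii_uppercase]
    return [r for r in roots if os.path.isdir(r)]


if __name__ == "__main__":
    for root in drive_roots():
        finding = triage_root(root)
        if finding:
            print(finding)
```

Any `log.txt` found at a drive root on an Exchange server is worth reviewing even when `looks_encrypted` is false, since the entropy test can miss small files.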

Last update 15 October 2015

 
