Backdoor:Win32/Lisfel.B
First posted on 24 October 2012.
Source: Microsoft
Aliases:
Backdoor:Win32/Lisfel.B is also known as Win-Trojan/Lisfel.108032 (AhnLab).
Explanation:
Backdoor:Win32/Lisfel.B is a backdoor trojan that allows unauthorized access and control of an affected computer. It is dropped by TrojanDropper:Win32/Lisfel.A and loaded by Backdoor:Win32/Lisfel.C.
Installation
Backdoor:Win32/Lisfel.B is dropped by TrojanDropper:Win32/Lisfel.A to a folder that it selects based upon specific rules contained in its code.
In the wild, we have observed the backdoor trojan dropped with the file name "user.dll".
It is loaded by Backdoor:Win32/Lisfel.C at each Windows start.
Payload
Allows backdoor access and control
Backdoor:Win32/Lisfel.B allows unauthorized access and control of your computer by contacting the remote host at "<removed>.ac.kr" using HTTP port 80.
An attacker can perform any number of different actions on an affected computer using Backdoor:Win32/Lisfel.B. This could include, but is not limited to, the following actions:
- Download and execute arbitrary files
- Upload files
- Obtain information about your computer, such as the following:
  - Your computer's name
  - The MAC (Media Access Control) address of your network adapter
  - Your operating system version
Additional information
TrojanDropper:Win32/Lisfel.A, Backdoor:Win32/Lisfel.B, and Backdoor:Win32/Lisfel.C all work together to infect your computer and deliver the payload which allows backdoor access and control. If you are infected with one of these components, then it is likely you are infected with the other components as well. For more information on how these infections work together, please see their individual entries.
Related encyclopedia entries
TrojanDropper:Win32/Lisfel.A
Backdoor:Win32/Lisfel.C
Analysis by Chun Feng
Last update 24 October 2012