General Explanation
Type: Trojan
Degree of destruction: high
Prevalence: average
Names of the malware:
- Backdoor.Win32.Bifrose
- Backdoor.Bifrose
What is Trojan?
Trojans are a class of malware that present themselves as legitimate, harmless software and behave much like useful applications, but cause serious damage to the system once executed. Trojans enter a system through software downloaded from the internet, code embedded in HTML pages, email attachments, and similar channels. Unlike computer worms and viruses, Trojans cannot replicate themselves.
What is Bifrose malware?
This malware is a keylogger that also captures screen images from the system environment. It creates a backdoor on the victim's system and sends the collected system data to its server.
Technical Explanation
Signs of infection
- Injects Bifrose malware code into the explorer.exe and iexplorer.exe processes and runs under the executables of those processes
- Creating a backdoor on the victim’s system
- Randomly drops a copy of itself named loadqm.exe in the following two locations:
  - Windows directory
  - System directory
- Removes the wmisnt.exe file if it was copied from the original file named wmisnt in the system32 path.
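The file-based indicator above (a self-copy named loadqm.exe in the Windows and System directories) can be checked with a small triage script. The code below is an added example, not a Padvish tool; the function names triage and build_constructed_sample, and the placeholder file contents, are assumptions for the demonstration.

```python
"""Triage helper for the loadqm.exe indicator listed above (added example).

For a real check on Windows, call triage() with the live paths, e.g.
    root = os.environ["SystemRoot"]
    triage(root, os.path.join(root, "System32"))
"""
import hashlib
import os
import tempfile

DROPPED_COPY = "loadqm.exe"   # name of the self-copy named on the page


def sha256_of(path):
    """Hash a hit so it can be reported and compared across both locations."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(windows_dir, system_dir):
    """Look for loadqm.exe in the two directories the page names.

    Returns {'hits': [(path, sha256), ...], 'same_file': bool}; 'same_file'
    is True when both locations hold byte-identical files, which is what
    'a copy of itself' implies and distinguishes it from an unrelated file.
    """
    hits = []
    for d in (windows_dir, system_dir):
        p = os.path.join(d, DROPPED_COPY)
        if os.path.isfile(p):
            hits.append((p, sha256_of(p)))
    same = len(hits) == 2 and hits[0][1] == hits[1][1]
    return {"hits": hits, "same_file": same}


def build_constructed_sample(infected=True):
    """Build a throwaway Windows-like layout (constructed, harmless placeholder
    bytes, not malware) so triage() can be exercised offline."""
    root = tempfile.mkdtemp(prefix="bifrose_demo_")
    system = os.path.join(root, "System32")
    os.makedirs(system)
    if infected:
        for d in (root, system):
            with open(os.path.join(d, DROPPED_COPY), "wb") as f:
                f.write(b"PLACEHOLDER-NOT-MALWARE")
    return root, system


if __name__ == "__main__":
    win, sys32 = build_constructed_sample()
    print(triage(win, sys32))
```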
How to deal with it and disinfect the system
Padvish Antivirus detects this malware and disinfects the system. To prevent this malware from entering the system, avoid clicking suspicious links and scan email attachments before opening them. Also keep your OS and antivirus up to date at all times.