Backdoor.Perl.AEI.16

Aliases
Backdoor.Perl.AEI.16 (Kaspersky Lab) is also known as: BackDoor-AEI.php (McAfee), Backdoor.Trojan (Symantec), Troj/Bdoor-AEI (Sophos), PERL/AEI.16* (RAV), PERL_AEI.16 (Trend Micro), Perl.Backdoor.RevTunnel.A (SOFTWIN), Backdoor Program (Panda), Perl/AEI.16 (Eset)
Description added Nov 28 2007
Behavior: Backdoor
Technical details
This Trojan program is designed to provide remote management of systems running UNIX-type operating systems. It is a Perl script, approximately 12 KB in size.

Payload
This Trojan has two parts, a server and a client. Which part runs depends on the parameters with which the Trojan is launched.
The server part opens a port that is specified in the body of the Trojan. It waits for a connection to this port and attempts to use the command line interpreter to run all commands received from the remote client.
The client is a shell for sending commands to the server part and for receiving service messages.
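
A defender-side check for the server behaviour described above, as an added example that is not part of the original description: it parses `ss -ltnp` output and lists TCP listeners owned by a Perl interpreter, marking those bound to non-loopback addresses. The sample lines, port numbers and PIDs are constructed, and the function names are hypothetical.

```python
import re
import subprocess

# Constructed sample of `ss -H -ltnp` output (not taken from a real host).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 5 0.0.0.0:40123 0.0.0.0:* users:(("perl",pid=4242,fd=3))
LISTEN 0 511 127.0.0.1:8080 0.0.0.0:* users:(("perl",pid=900,fd=4))
LISTEN 0 128 [::]:40124 [::]:* users:(("perl5.36",pid=4300,fd=3),("perl5.36",pid=4301,fd=3))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')
LOOPBACK = ("127.", "[::1]")

def perl_listeners(ss_output, name_prefix="perl"):
    """Return listening TCP sockets owned by a Perl interpreter."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        # A socket inherited by forked children lists several owners.
        for name, pid in dict.fromkeys(PROC_RE.findall(line)):
            if name.startswith(name_prefix):
                hits.append({"addr": addr, "port": int(port), "pid": int(pid),
                             "name": name,
                             "remote": not addr.startswith(LOOPBACK)})
    return hits

def cmdline(pid):
    """Command line of a live process (Linux /proc); shows the script path."""
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as f:
            return f.read().replace(b"\0", b" ").decode(errors="replace").strip()
    except OSError:
        return None

if __name__ == "__main__":
    # On a live host, run with privileges so ss can report owning processes.
    out = subprocess.run(["ss", "-H", "-ltnp"], capture_output=True, text=True).stdout
    for h in perl_listeners(out):
        print(h, cmdline(h["pid"]))
```

Lines without a `users:(...)` field, as in the last sample line, yield no owner; that is what `ss` prints when it lacks the privileges to see the owning process, so such sockets need a second look as root.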

Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).