Backdoor.Perl.AEI.20

Aliases
Backdoor.Perl.AEI.20 (Kaspersky Lab) is also known as: BackDoor-AEI.php (McAfee), Backdoor.Trojan (Symantec), Troj/Bdoor-AEI (Sophos), PHP/RevTunnel.20* (RAV), PHP_REVTUNNEL.A (Trend Micro), Perl/AEI.20 (H+BEDV), Unix/Aei.trojan (FRISK), UNIX:Malware (ALWIL), Perl.Backdoor.RevTunnel.A (SOFTWIN), Backdoor Program (Panda), PHP/RevTun.20 (Eset)
Description added Nov 28 2007
Behavior: Backdoor
Technical details
This Trojan program is designed to provide remote management of systems running UNIX-type operating systems. It is a Perl script, approximately 14 KB in size.
Payload
This Trojan has two parts, a server and a client. Which part runs depends on the parameters with which the Trojan is launched.
The server part opens a port that is specified in the body of the Trojan. It then waits for a connection to this port and attempts to use the command line interpreter to run every command received from the remote client.
The client is a shell for sending commands to the server part and for getting service messages.
The Trojan can also function via a proxy server.
Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
  1. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
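
A listening-socket check for the server behaviour described under Payload, which also helps with step 1 by showing which script file a flagged process is running. This is an added example, not part of the original description: the `ss` sample, the pids, port 40123 and the name `update.pl` are constructed, and `perl_listeners` and `proc_exe` are hypothetical helper names.

```python
import os
import re
import subprocess

# One owner entry in the users:(("name",pid=N,fd=N),...) column of `ss -p`.
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')

# Constructed sample of `ss -H -tlnp` output and a pid -> executable map.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 5 0.0.0.0:40123 0.0.0.0:* users:(("update.pl",pid=4021,fd=4))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=900,fd=6),("nginx",pid=901,fd=6))
LISTEN 0 5 127.0.0.1:783 0.0.0.0:* users:(("perl",pid=1500,fd=5))
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
"""
SAMPLE_EXE = {812: "/usr/sbin/sshd", 4021: "/usr/bin/perl",
              900: "/usr/sbin/nginx", 901: "/usr/sbin/nginx", 1500: "/usr/bin/perl"}

def proc_exe(pid):
    """Executable behind a live pid, or None if gone or not readable."""
    try:
        return os.readlink(f"/proc/{pid}/exe")
    except OSError:
        return None

def perl_listeners(ss_output, exe_of=proc_exe, known_ports=frozenset()):
    """Return (port, pid, local_address) for TCP listeners run by Perl."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        local = fields[3]
        port = int(local.rsplit(":", 1)[1])
        if port in known_ports:  # listeners the administrator accounts for
            continue
        for name, pid in PROC_RE.findall(" ".join(fields[5:])):
            # A script started via its #! line is listed under the script's
            # name, so prefer the executable path and fall back to the name.
            binary = os.path.basename(exe_of(int(pid)) or name)
            if binary.startswith("perl"):
                hits.append((port, int(pid), local))
    return hits

if __name__ == "__main__":
    out = subprocess.run(["ss", "-H", "-tlnp"], capture_output=True, text=True).stdout
    for port, pid, local in perl_listeners(out):
        with open(f"/proc/{pid}/cmdline", "rb") as fh:  # which script is running
            cmd = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
        print(f"pid {pid} ({cmd}) listening on {local}")
```

A legitimate Perl daemon also shows up in this list, so each hit is a lead to review against `known_ports`, and reading another user's `/proc/<pid>/exe` requires root.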