Backdoor.Typideg.B
First posted on 08 September 2014.
Source: Symantec
Aliases:
There are no other names known for Backdoor.Typideg.B.
Explanation:
The Trojan is dropped by documents exploiting vulnerabilities in Microsoft Word.
Once executed, the Trojan creates the following file:
%Temp%\word.exe
The Trojan creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"cssauth" = "%Temp%\word.exe"
The Trojan opens a back door on the compromised computer, and connects to the following remote location:
141.108.2.157
It may then perform malicious activities on the compromised computer.
Last update 08 September 2014
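
A host triage sweep for the three indicators described above (the "cssauth" Run value, word.exe in a user's Temp folder, and connections to 141.108.2.157), as an added example that is not part of the Symantec write-up. It assumes an elevated PowerShell 4+ session on Windows 8 / Server 2012 or later and that each profile's %Temp% is the default AppData\Local\Temp; the variable names are illustrative.

```powershell
# Added example: sweep one host for the indicators listed in this write-up.
# Assumes elevation, PowerShell 4+, and default per-user Temp locations.
$RunValueName = 'cssauth'
$DroppedName  = 'word.exe'
$RemoteIp     = '141.108.2.157'
$findings     = @()

# 1. Run-key persistence. HKCU is per-user, so check every hive loaded under HKEY_USERS.
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $runKey = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Run"
    $props  = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains $RunValueName)) {
        $findings += [pscustomobject]@{
            Indicator = 'Run value'; Location = $runKey; Detail = $props.$RunValueName }
    }
}

# 2. Dropped file. Resolve each profile directory from ProfileList, then look in its Temp folder.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*'
$profileDirs = Get-ItemProperty -Path $profileList -ErrorAction SilentlyContinue |
    Where-Object { $_.ProfileImagePath } | ForEach-Object { $_.ProfileImagePath }
foreach ($dir in $profileDirs) {
    $candidate = Join-Path $dir "AppData\Local\Temp\$DroppedName"
    if (Test-Path -LiteralPath $candidate -PathType Leaf) {
        # The page lists no hash, so record one for the analyst to pivot on.
        $sha256 = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Indicator = 'Dropped file'; Location = $candidate; Detail = "SHA256 $sha256" }
    }
}

# 3. Back-door traffic. Map any TCP connection to the remote address back to its process.
$conns = Get-NetTCPConnection -RemoteAddress $RemoteIp -ErrorAction SilentlyContinue
foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{
        Indicator = 'TCP connection'; Location = "$($c.LocalAddress):$($c.LocalPort)"
        Detail    = "PID $($c.OwningProcess) $($proc.Path) [$($c.State)]" }
}

if ($findings.Count -eq 0) { 'No listed indicators found on this host.' }
else { $findings | Format-List }
```

Only hives of currently loaded profiles appear under HKEY_USERS, so logged-off users need their NTUSER.DAT loaded or examined offline. A file named word.exe in Temp is weak evidence on its own; the Run value pointing at it is the stronger signal.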