I got one for you

Jan 14, 2008 19:06 GMT  ·  By

In case you're one of those who analyzed the new year and observed that 2008 didn't bring us any backdoor, I got one for you: BKDR_ASPROX.B is that kind of infection affecting most Windows versions, including 98, ME, NT, 2000, XP and Server 2003. But, what's worse is that it has a high damage potential, meaning that it can seriously damage the data stored on your computer. And you'll understand that in the next few lines. First of all, let's see how you can get infected. According to security vendor Trend Micro, the backdoor can be dropped by other malware, but it can also be deployed once the vulnerable user visits a malicious website.

The infection process is started with the opening of port 80, which will then be used by the backdoor to act as an HTTP proxy, Trend Micro explained. "It then connects to certain sites, and retrieves the connection time for each."

BKDR_ASPROX.B seems to have multiple purposes because, besides acting as an HTTP proxy server, it also gathers e-mail addresses from the affected computer. This is probably done for spamming purposes, because these e-mails can later be used for sending unsolicited messages. Trend Micro notes that all the stolen addresses have to 'satisfy certain conditions', so it probably targets free e-mail services such as Google and Yahoo. We've seen this in the past, so it's probably the same type of e-mail gathering process.

"It uploads specific information to the above-mentioned Web sites, using an HTTP POST command. This backdoor also allows a remote malicious user to perform commands on the affected system", Trend Micro added. "It also retrieves commands and updates from the said sites, by parsing the HTTP page being returned by the server during upload of stolen information. The returned HTTP page is obfuscated. It searches the registry for FTP hosts, user accounts, and passwords."
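The two network behaviours described above, a workstation suddenly accepting inbound connections on port 80 and the same workstation sending HTTP POSTs to outside sites, are what a network defender can actually look for. The following is an added example written for this article, not code from Trend Micro or from the article itself: a small Python detector run over a constructed flow-log sample. The log format, the internal address ranges and the allowlist of known web servers are all assumptions for the example; adapt them to your own firewall or proxy logs.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed flow-log sample for the example (not captured traffic); one connection per line.
SAMPLE_LOG = """\
2008-01-14T18:55:02Z src=10.0.0.21 dst=10.0.0.5 dport=80 dir=out method=GET
2008-01-14T18:56:11Z src=203.0.113.9 dst=10.0.0.21 dport=80 dir=in method=CONNECT
2008-01-14T18:56:40Z src=10.0.0.21 dst=198.51.100.7 dport=80 dir=out method=POST
2008-01-14T18:57:03Z src=10.0.0.30 dst=10.0.0.5 dport=80 dir=out method=GET
2008-01-14T18:58:19Z src=192.0.2.44 dst=10.0.0.5 dport=80 dir=in method=GET
2008-01-14T18:59:50Z src=10.0.0.21 dst=198.51.100.7 dport=80 dir=out method=POST
"""

# Assumed allowlist: hosts that are supposed to serve HTTP on TCP/80.
KNOWN_WEB_SERVERS = {"10.0.0.5"}

# Assumed internal address ranges; use your own site's ranges in practice.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"dir=(?P<dir>in|out) method=(?P<method>\S+)"
)


def parse_flows(log_text):
    """Yield one dict per parsable log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            yield rec


def is_internal(addr):
    """True if addr falls inside one of the assumed internal ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def find_suspicious_hosts(log_text, known_servers=KNOWN_WEB_SERVERS):
    """Return [(host, inbound_80_count, external_post_count)] for internal hosts that
    accept inbound TCP/80 connections without being known web servers AND also send
    HTTP POSTs to external addresses, i.e. the combination the article describes."""
    inbound = defaultdict(int)   # internal host -> inbound connections on port 80
    posts = defaultdict(int)     # internal host -> outbound POSTs to external addresses
    for rec in parse_flows(log_text):
        if rec["dport"] != 80:
            continue
        if rec["dir"] == "in" and is_internal(rec["dst"]):
            inbound[rec["dst"]] += 1
        elif rec["dir"] == "out" and rec["method"] == "POST" and not is_internal(rec["dst"]):
            posts[rec["src"]] += 1
    hits = []
    for host, n_in in inbound.items():
        if host in known_servers:
            continue  # expected listener, not interesting on its own
        if posts.get(host, 0) > 0:
            hits.append((host, n_in, posts[host]))
    return sorted(hits)


if __name__ == "__main__":
    for host, n_in, n_post in find_suspicious_hosts(SAMPLE_LOG):
        print(f"{host}: {n_in} inbound on tcp/80, {n_post} external POST(s) -> investigate")
```

On the sample, only 10.0.0.21 is flagged: it accepts an inbound connection on port 80 even though it is not a known web server, and it also POSTs twice to an outside address. The known server 10.0.0.5 is ignored despite its inbound traffic, and 10.0.0.30 is ignored because it only browses. A hit from this check is a reason to pull the host for an antivirus scan with current definitions, which is the remediation the article recommends, not proof of infection by itself.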

In case you're a vulnerable user, it may be difficult to remove the infection. So, if you want to remain on the safe side, hurry up and update your antivirus solution with the latest virus definitions released by its vendor.