The Gray Pigeon Studio announced they have stopped development

Apr 6, 2007 14:36 GMT

One of the most prolific pieces of malware targeting the Windows platform has been decommissioned. Windows users can breathe easier knowing that the makers of Backdoor.Graybird have announced they abandoned development of the Trojan horse as of March 2007. According to data provided by Symantec, Backdoor.Graybird (also detected as Backdoor.GrayBird [KAV] and BackDoor-ARR [McAfee]) is a Trojan horse affecting Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000 and Windows XP.

"Graybird was first created in 2001. Initially it was for research purposes and was open source. From early 2003 the author set up Gray Pigeon Studio that developed and sold Graybird. The studio stated that Graybird is a remote administration tool and sold it for 100 Chinese Yuan a year," said Chen Yu, Symantec Security Response Engineer.

Graybird can run without the user's knowledge and enables an attacker to capture screenshots, control the webcam, log keystrokes, steal passwords and access files stored locally. Symantec also explained that the backdoor can be injected into running processes and can even pass for other applications. Graybird also features rootkit capabilities, making it less of a tool for remote administration and more of a backdoor.

"Graybird has been ranked in the top 10 viruses in China for over 3 years. When the studio released the latest version in February 2007, it aroused widespread anger amongst Chinese Internet users. The studio made an announcement on the 21st of March that they are disappointed that their product is being misused and decided to terminate development of Gray Pigeon, which is good news," Chen Yu added.

The Gray Pigeon Studio delivered an uninstaller for Graybird, but Symantec has reported that the tool is not completely functional. And although the Studio no longer develops Graybird, that does not mean the malware is dead, just expired.