Backdoor:W32/GetShell.A

Backdoor:W32/GetShell.A Description

Backdoor:W32/GetShell.A is the Windows-specific payload of Trojan-Downloader:Java/GetShell.A, a malicious Java applet that detects your OS and installs an ‘appropriate’ type of backdoor Trojan. Backdoor:W32/GetShell.A is responsible for the same dangers that are common to most backdoor Trojans, including opening up your PC to unwanted control by third parties, disabling or reducing your computer’s security features and, potentially, downloading additional PC threats or stealing private information. Since Trojan-Downloader:Java/GetShell.A can’t install Backdoor:W32/GetShell.A without your permission, SpywareRemove.com malware experts particularly recommend that you pay close attention to which applets you grant permission to run on your PC. Backdoor:W32/GetShell.A and related PC threats have been seen being propagated by benevolent websites that have been compromised in hacking attacks, although other means of distributing Backdoor:W32/GetShell.A may open up in the future.

Why Even a Safe Site Can Be Responsible for Backdoor:W32/GetShell.A Being on Your PC

Backdoor:W32/GetShell.A and the Java applet that installs Backdoor:W32/GetShell.A, Trojan-Downloader:Java/GetShell.A, were both first seen on a perfectly reputable website for a Colombian transport company. This site was hacked to add Trojan-Downloader:Java/GetShell.A to the rest of its content, and this vaguely-described Java applet (it self-identifies as merely ‘Java,’ by the ComuTV company) may appear to be a normal part of the website if you’re not familiar with it already.

Thankfully, this site was taken down by the relevant authorities once the breach was discovered, and in the aftermath, SpywareRemove.com malware researchers highlight the importance of web software security to protect your own sites from being forced to distribute Backdoor:W32/GetShell.A.

Visitors to the above site would have received a prompt to run the Trojan-Downloader:Java/GetShell.A applet, with acceptance resulting in the installation of either Backdoor:W32/GetShell.A, Backdoor:Linux/GetShell.A or Backdoor:OSX/GetShell.A. The exact type of backdoor Trojan that’s installed will vary with your OS, with Windows users receiving an unwanted helping of Backdoor:W32/GetShell.A. SpywareRemove.com malware researchers recommend disabling Java or refusing this prompt as easy means of avoiding Backdoor:W32/GetShell.A infections, although actually removing Backdoor:W32/GetShell.A is best performed by appropriate security software.

The Finishing Touches on Backdoor:W32/GetShell.A’s PC-Compromising Plan

Backdoor:W32/GetShell.A and other backdoor Trojans that are installed by Trojan-Downloader:Java/GetShell.A have functionally-identical behavior, in that they all attempt to contact the same IP address for further instructions. These types of unauthorized contact with third parties, known as a backdoor, can be responsible for a virtual rainbow of computer problems, although SpywareRemove.com malware analysts note the following attacks as being most likely for a Backdoor:W32/GetShell.A infection:

Attempted theft of personal information, such as data that’s entered in account login fields.
The establishment of other forms of damaging software, potentially including browser hijackers, worms, spyware or rogue security applications.
Compromised security settings, such as disabled Windows UAC features, altered file-viewing attributes or reduced protection from files with invalid signature identification.
Blocked software such as Task Manager or popular anti-virus scanners.