PoisonIvy
Posted: April 17, 2009
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 48 |
| First Seen: | July 24, 2009 |
| OS(es) Affected: | Windows |
Poison Ivy is a backdoor Trojan that infects normal system processes and then tears a hole straight through your computer's security. A PC plagued by a Poison Ivy backdoor infection may show no symptoms of being attacked, so you should use anti-malware programs to find and remove the Poison Ivy backdoor when such programs are available. Recent Poison Ivy backdoor attacks have been linked to spam email messages that pretend to be sent by the webmaster of a career database website. Since this exploit may not yet be detected even by very competent anti-malware products, SpywareRemove.com malware experts warn that you should take particular care to avoid downloading email file attachments unless you're absolutely certain that they're safe.
Why That 'Harmless' Email Might Just Have Poison Ivy Backdoor All Over It
As of late August 2011, the SpywareRemove.com malware research team has found that many Backdoor.PoisonIvy trojans are spreading through email file attachments. The current Poison Ivy backdoor email template contains the message 'I forward this file to you for review. Please open and view it' along with an .xls (Microsoft Excel) file attachment, and appears to be sent by the webmaster for Beyond.com. You can also recognize this message by looking for the '2011 Recruitment Plan' subject line.
Although the attachment carries the visible file type of an Excel document, SpywareRemove.com malware researchers have found that it is, in reality, a Flash file that Excel executes because of an unforeseen program vulnerability. In the future, keeping Microsoft Excel and other Windows components patched may help to close such loopholes, but for the time being, avoiding the file itself is your best protection against the Poison Ivy backdoor.
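A defender can check for exactly this kind of mismatch before a user opens the attachment: the file name says Excel, but the bytes do not. The following is an added example, not code from the original article or from SpyHunter; it classifies a file by its container magic and scans for an embedded Flash (SWF) header, and all sample inputs are constructed rather than taken from the real campaign.

```python
"""Triage an e-mail attachment that claims to be an Excel workbook."""
import struct

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .xls (Compound File Binary)
ZIP_MAGIC = b"PK\x03\x04"                            # .xlsx (OOXML is a zip archive)
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")            # uncompressed, zlib, LZMA Flash


def container_type(data: bytes) -> str:
    """Classify by magic bytes, never by the file name's extension."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "ooxml"
    return "unknown"


def find_swf_offsets(data: bytes) -> list:
    """Return offsets of plausible SWF headers: signature, version byte, 32-bit LE length."""
    hits = []
    for sig in SWF_SIGNATURES:
        start = 0
        while True:
            i = data.find(sig, start)
            if i < 0 or i + 8 > len(data):
                break
            version = data[i + 3]
            length = struct.unpack_from("<I", data, i + 4)[0]
            # Sanity-check the header so random text containing "CWS" is not flagged
            if 1 <= version <= 60 and length >= 8:
                hits.append(i)
            start = i + 1
    return sorted(hits)


def triage(filename: str, data: bytes) -> dict:
    """Flag a claimed Excel file whose container is wrong or which carries an SWF."""
    kind = container_type(data)
    swf = find_swf_offsets(data)
    claims_excel = filename.lower().endswith((".xls", ".xlsx"))
    suspicious = (claims_excel and kind == "unknown") or bool(swf)
    return {"container": kind, "swf_offsets": swf, "suspicious": suspicious}


# Constructed samples (not real malware): a bare SWF renamed to .xls, an OLE2
# container with an SWF embedded at offset 512, and a clean OLE2 file.
BARE_SWF = b"FWS\x0a" + struct.pack("<I", 64) + b"\x00" * 56
OLE2_WITH_SWF = OLE2_MAGIC + b"\x00" * 504 + b"CWS\x0b" + struct.pack("<I", 1024) + b"\x00" * 40
CLEAN_OLE2 = OLE2_MAGIC + b"\x00" * 120

if __name__ == "__main__":
    for name, blob in [("2011 Recruitment Plan.xls", BARE_SWF), ("report.xls", OLE2_WITH_SWF)]:
        print(name, triage(name, blob))
```

A real embedded object may be compressed or wrapped inside an OLE stream, so an SWF signature scan is a cheap first filter, not a substitute for a sandbox or a parser that walks the container's streams.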
Poison Ivy backdoor can also be detected by several other aliases, including Backdoor:Win32/Poison, Backdoor.PoisonIvy.CV, Mal/Behav-285, Packed.Win32.Black.a, W32/Sdbot.worm and W32.IRCBot (the latter due to Poison Ivy backdoor's predisposition to contact IRC servers to receive instructions). Other names for notable variants of Poison Ivy backdoor, such as Backdoor:Win32/Poison.BC, Backdoor:Win32/Poison.AQ, or Backdoor:Win32/Poison.M are also common.
Why You Don't Want Poison Ivy Backdoor to Leave Your PC Scratching
SpywareRemove.com malware researchers have noted that Poison Ivy backdoor is exceptionally difficult to notice, since a standard Poison Ivy backdoor infection will corrupt explorer.exe and iexplore.exe, instead of creating its own memory processes. This also allows Poison Ivy backdoor to ignore your firewall without creating any setting changes that you might be able to notice, although you may still be able to monitor Poison Ivy backdoor by watching for excessive memory usage.
After infecting Windows, the Poison Ivy backdoor contacts a remote IRC server to receive instructions. Hazards related to this behavior that SpywareRemove.com malware researchers have observed include, but aren't restricted to, the following:
- Poison Ivy backdoor may install other forms of harmful software, such as rogue security programs, keyloggers, Trojans or viruses.
- Poison Ivy backdoor may change Windows settings to lower your computer's security and make the system vulnerable to additional attacks.
- Poison Ivy backdoor may allow remote criminals to control your PC, including allowing criminals to steal private information, destroy files or force your computer to take part in crimes like DDoS attacks.
Because of the high level of security risk that any Poison Ivy backdoor infection causes, you should be prepared to use whatever anti-malware software and strategies are required to remove Poison Ivy backdoor for good.
Technical Details
File System Modifications
The following files were created in the system:

File name: CLADD
Size: 20.48 KB (20480 bytes)
MD5: d228320c98c537130dd8c4ad99650d82
Detection count: 76
Group: Malware file
Last Updated: December 11, 2009