
PoisonIvy

Posted: April 17, 2009

Threat Metric

Threat Level: 9/10
Infected PCs: 48
First Seen: July 24, 2009
OS(es) Affected: Windows

Poison Ivy is a backdoor Trojan (a remote access tool) that hides inside legitimate system processes and hands an attacker full remote control of the infected PC. A machine compromised by Poison Ivy may show no symptoms at all, so you should rely on anti-malware software to find and remove the Poison Ivy backdoor. Recent Poison Ivy attacks have been delivered by spam e-mail that pretends to come from the webmaster of a career database website. Because security products can only catch a new exploit once they have a signature or behavioural rule for it, SpywareRemove.com malware experts warn that you should be especially careful with e-mail attachments and open them only when you are certain they are safe.
 

Why That 'Harmless' Email Might Just Have Poison Ivy Backdoor All Over It

As of late August 2011, the SpywareRemove.com malware research team has found that many Backdoor.PoisonIvy Trojans are spreading through e-mail attachments. The current Poison Ivy e-mail template contains the message 'I forward this file to you for review. Please open and view it' together with an .xls (Microsoft Excel) attachment, and appears to be sent by the webmaster of Beyond.com. You can also recognize this message by its subject line, '2011 Recruitment Plan'.
 
Although the attachment carries the .xls extension and opens in Excel, SpywareRemove.com malware researchers have found that it is really a Flash file: Excel hands the Flash content to the Flash player component, where a vulnerability that was unpatched at the time of the attack is exploited to drop the backdoor. Keeping Flash Player, Microsoft Office and the rest of Windows patched closes this route once fixes are published, but until then, not opening the file is your best protection against the Poison Ivy backdoor.
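A quick way to triage an attachment like the one described above is to ignore its extension and look at its bytes: a genuine legacy Excel workbook starts with the OLE2 compound-file header, while a Flash file starts with an SWF signature, and a Flash stream embedded inside a workbook still carries that signature somewhere in the file. The following script is an added example (not SpywareRemove.com's code) that performs both checks; the sample attachments it tests are constructed inline and stand in for the '2011 Recruitment Plan' file, whose real bytes are not on this page.

```python
"""Triage an e-mail attachment that claims to be an Excel workbook.

Added example, not SpywareRemove.com code. It checks the two things the
text above describes: whether the bytes are really a legacy Excel (OLE2
compound) file, and whether a Flash (SWF) stream is embedded anywhere in
them. All sample inputs below are constructed for the example.
"""
import struct

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # .xls/.doc container header
ZIP_MAGIC = b"PK\x03\x04"                          # .xlsx/.docx (OOXML) container
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")          # raw, zlib, LZMA-compressed SWF


def container_kind(data: bytes) -> str:
    """Classify the attachment by its leading bytes, not its extension."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data[:3] in SWF_SIGNATURES:
        return "swf"
    return "unknown"


def find_swf_headers(data: bytes) -> list:
    """Return byte offsets of plausible SWF headers inside data.

    An SWF header is: 3-byte signature, 1-byte version, 4-byte little-endian
    file length. For uncompressed SWF (FWS) the length is the on-disk size, so
    it must fit in the remaining bytes; for CWS/ZWS it is the *uncompressed*
    size, so only a sanity floor is applied. The version bound trims random
    matches on binary data.
    """
    hits = []
    for sig in SWF_SIGNATURES:
        pos = data.find(sig)
        while pos >= 0:
            if pos + 8 <= len(data):
                version = data[pos + 3]
                (length,) = struct.unpack_from("<I", data, pos + 4)
                remaining = len(data) - pos
                plausible = 1 <= version <= 50 and length >= 8
                if sig == b"FWS":
                    plausible = plausible and length <= remaining
                if plausible:
                    hits.append(pos)
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def triage(filename: str, data: bytes) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    kind = container_kind(data)
    if ext == "xls" and kind != "ole2":
        findings.append("extension is .xls but content is %s, not an OLE2 workbook" % kind)
    if ext == "xlsx" and kind != "zip":
        findings.append("extension is .xlsx but content is %s, not a ZIP package" % kind)
    for off in find_swf_headers(data):
        findings.append("SWF (Flash) header at offset %d" % off)
    return findings


# --- constructed samples (not real malware bytes) ---------------------------
def make_swf(sig: bytes, length: int, body: bytes) -> bytes:
    """Build a minimal SWF-shaped blob: signature, version 10, length, body."""
    return sig + bytes([10]) + struct.pack("<I", length) + body


SAMPLE_BENIGN_XLS = OLE2_MAGIC + b"\x00" * 504                          # plain container
SAMPLE_BARE_SWF = make_swf(b"FWS", 16, b"\x00" * 8)                     # Flash file named .xls
SAMPLE_XLS_WITH_SWF = OLE2_MAGIC + b"\x00" * 200 + make_swf(b"CWS", 5000, b"\x00" * 300)

if __name__ == "__main__":
    for name, blob in [("2011 Recruitment plan.xls", SAMPLE_BARE_SWF),
                       ("2011 Recruitment plan.xls", SAMPLE_XLS_WITH_SWF),
                       ("budget.xls", SAMPLE_BENIGN_XLS)]:
        print(name, triage(name, blob) or ["clean"])
```

Two caveats worth keeping in mind: the byte scan can miss an SWF whose header happens to straddle a non-contiguous sector boundary inside the OLE2 container, so a clean result is not proof of a clean file, and a legitimate workbook can embed Flash on purpose, so a hit is a reason to inspect the file in a sandbox, not an automatic verdict.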
 
The Poison Ivy backdoor is also detected under several other aliases, including Backdoor:Win32/Poison, Backdoor.PoisonIvy.CV, Mal/Behav-285, Packed.Win32.Black.a, W32/Sdbot.worm and W32.IRCBot. The last two are generic bot-family names assigned on behaviour; Poison Ivy does not actually talk to IRC servers but uses its own custom, encrypted TCP protocol to reach its controller. Names for notable variants of the Poison Ivy backdoor, such as Backdoor:Win32/Poison.BC, Backdoor:Win32/Poison.AQ or Backdoor:Win32/Poison.M, are also common.
 

Why You Don't Want Poison Ivy Backdoor to Leave Your PC Scratching

SpywareRemove.com malware researchers have noted that the Poison Ivy backdoor is exceptionally difficult to notice, since a standard infection injects its code into explorer.exe or iexplore.exe instead of running as a process of its own. Because the injected code runs inside a process the firewall already trusts (the web browser in particular), Poison Ivy can reach its controller without changing any firewall setting you could spot. You may still catch it by watching those processes for unexpected memory growth or, more reliably, for outbound network connections to unfamiliar hosts that Windows Explorer has no reason to make.
 
After infecting Windows, the Poison Ivy backdoor connects out to its remote command-and-control server to receive instructions. Hazards that SpywareRemove.com malware researchers have observed from this behaviour include, but aren't restricted to, the following:

  • The Poison Ivy backdoor may install other harmful software, such as rogue security programs, keyloggers, Trojans or viruses.
  • The Poison Ivy backdoor may change Windows settings to lower your computer's security and leave the system open to additional attacks.
  • The Poison Ivy backdoor may give remote criminals control of your PC, letting them steal private information, destroy files or make your computer take part in crimes such as DDoS attacks.

Because of the high level of risk that any Poison Ivy backdoor infection carries, you should be prepared to use whatever anti-malware software and strategies are required to remove the Poison Ivy backdoor for good, and to treat any passwords used on the infected PC as compromised.

Technical Details

File System Modifications

If you intend to remove malware components manually (finding the files, killing the injected processes and deleting malicious DLLs), always back up your PC before making any changes.

The following file was created on the system:

File name: CLADD
Size: 20.48 KB (20480 bytes)
MD5: d228320c98c537130dd8c4ad99650d82
Detection count: 76
Group: Malware file
Last Updated: December 11, 2009
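The entry above gives a file name, an exact size and an MD5, which is enough to sweep a disk for this particular sample. The script below is an added example (not SpywareRemove.com's removal tooling) that walks a directory tree, uses the size as a cheap pre-filter so that only candidate files are hashed, skips files it cannot read instead of aborting, and reports every file whose MD5 matches, whether or not it still carries the CLADD name. Bear in mind that a hash indicator only catches this exact build of the file; a recompiled or repacked variant will have a different MD5 and must be caught by behaviour or by anti-malware signatures instead.

```python
"""Sweep a directory tree for the Poison Ivy file listed above.

Added example, not SpywareRemove.com tooling. The indicators come from the
"File System Modifications" entry on this page (name CLADD, 20480 bytes,
MD5 d228320c98c537130dd8c4ad99650d82). Size is compared first so that only
candidate files are hashed, and unreadable files are skipped rather than
aborting the sweep.
"""
import hashlib
import os
import sys
from pathlib import Path

# Indicators taken from this page. Keyed by MD5 so a renamed copy still matches.
KNOWN_BAD = {
    "d228320c98c537130dd8c4ad99650d82": {"name": "CLADD", "size": 20480},
}


def md5_of(path: Path, chunk: int = 1 << 16) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, iocs=KNOWN_BAD) -> list:
    """Return (path, md5, name_matches) for every file whose MD5 is in iocs."""
    sizes = {ioc["size"] for ioc in iocs.values()}
    hits = []
    for dirpath, _dirs, files in os.walk(root):   # does not follow symlinks
        for name in files:
            path = Path(dirpath) / name
            try:
                size = path.stat().st_size
            except OSError:
                continue          # vanished or permission denied: skip, keep going
            if size not in sizes:
                continue          # cheap pre-filter before hashing
            try:
                digest = md5_of(path)
            except OSError:
                continue
            if digest in iocs:
                hits.append((str(path), digest, name.upper() == iocs[digest]["name"]))
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, digest, same_name in sweep(root):
        print("HIT %s md5=%s name_matches=%s" % (path, digest, same_name))
```

Run it as `python sweep.py C:\` (or the root of any mounted image of the infected disk) from a clean system; hashing from a live infected machine is less trustworthy, since the injected code in explorer.exe could in principle interfere with what the file system reports.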
