EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
20 % (Normal)
November 6, 2012
June 27, 2023
In November 2012, ESG security researchers received reports of a dangerous backdoor Trojan that appears to be connected to the infamous Gh0st remote access Trojan. Backdoor.ADDNEW is clearly based on DaRK, a malware infection created in the Russian Federation and used to carry out DDoS (Distributed Denial of Service) attacks. However, Backdoor.ADDNEW also shows several connections to Gh0st that have caught the attention of PC security researchers.
Backdoor.ADDNEW's Connection with the Gh0st Remote Access Trojan and Gh0stNet
Gh0st is a remote access Trojan associated with a large malware network known as Gh0stNet, which uses servers located in China. Most computers that become part of this vast network are infected through spam email attachments: these attachments are Trojans capable of downloading and installing the Gh0st remote access Trojan on the victim's computer. Typically, a social engineering attack allows criminals to install a rootkit and a backdoor Trojan on the victim's computer, which are then used to install the remote access component. These malware attacks have long been believed to have some association with the Chinese government because of their use in attacks against the Dalai Lama and organizations that support the Free Tibet movement. The main reason PC security researchers have been surprised by Backdoor.ADDNEW is that it tends to coexist with the Gh0st remote access Trojan on infected computers. It even uses the same command and control IP address as variants of Gh0st, connecting to a command and control server located in France.
The main functions associated with the Backdoor.ADDNEW Trojan include stealing passwords stored by Firefox, using the infected computer to carry out DDoS attacks in combination with other infected computers, and the typical functions of the most common remote access Trojans. Computers infected with Backdoor.ADDNEW will often become infected with Gh0st within a few days of the Backdoor.ADDNEW infection, indicating that these two malware infections complement each other and work together in some way. However, PC security researchers still need to examine the code of Backdoor.ADDNEW, DaRK and Gh0st carefully, a task that is not easy considering how heavily obfuscated these kinds of malware infections tend to be. One measure to protect yourself from a Backdoor.ADDNEW infection is to use a strong anti-spam filter to prevent phishing emails carrying this malware threat from finding their way into your email inbox.
Backdoor.ADDNEW may call the following URLs: