Backdoor:Win32/Talsab.C

Backdoor:Win32/Talsab.C Description

Backdoor:Win32/Talsab.C is a dangerous backdoor Trojan that was first detected in February of 2011. However, ESG security researchers have noted that a lot of Backdoor:Win32/Talsab.C's code has been around for several years. This is because malware developers tend to copy and paste large portions of code from one malware threat to another. Despite its lack of originality, it is important to understand that the Backdoor:Win32/Talsab.C Trojan poses a severe threat to a computer's integrity and can place your private information at risk. To protect your computer from Backdoor:Win32/Talsab.C and similar Trojan infections, ESG malware researchers strongly advise using a reliable anti-malware program and ensuring that it has the latest malware descriptions and security updates.

Backdoor:Win32/Talsab.C Uses Recycled Code from Numerous Other Backdoor Trojans

ESG security researchers have observed numerous backdoor Trojans that share very similar features due to this tendency to copy code, Backdoor:Win32/Talsab.C included. The implementation of several features in these backdoor Trojans, such as transferring files, creating connections to a remote server, capturing screenshots, and disabling popular anti-virus programs is possible by copying and pasting large portions of code from previous backdoor Trojans. In fact, most backdoor Trojans differ not in their payload, but in the way they defend themselves from anti-malware software. Since most of these kinds of Trojans are already quite effective at what they do, the priority for malware developers seems to be creating better obfuscating and anti-detection components.

The main payload of Backdoor:Win32/Talsab.C involves recording keystrokes on the infected computer and allowing criminals to take over your computer, controlling it from a remote location. To do this, Backdoor:Win32/Talsab.C installs a backdoor that criminals use to gain access to your computer. The Backdoor:Win32/Talsab.C can be contained in several known executable files as well as in a corrupted system file. Once installed, Backdoor:Win32/Talsab.C makes changes to the Windows Registry. These changes allow Backdoor:Win32/Talsab.C to run automatically as soon as Window starts up. Backdoor:Win32/Talsab.C will rarely be installed directly by the victim and will typically be installed with the help of a Trojan dropper or another kind of secondary Trojan infection. Once installed, Backdoor:Win32/Talsab.C will attempt to establish an unauthorized connection with several remote URLs through an unauthorized open port in the infected computer's security. Through this port, criminals can communicate with Backdoor:Win32/Talsab.C, send instructions and receive stolen data from this malware infection.

Technical Information

File System Details

Backdoor:Win32/Talsab.C creates the following file(s):
# File Name Detection Count
1 %AppData%\scrss.exe N/A
2 %AppData%\dllhost.exe N/A
3 %AppData%\pagefile.sys N/A
4 %AppData%\rundll.exe N/A

Registry Details

Backdoor:Win32/Talsab.C creates the following registry entry or registry entries:
RegistryKey
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ctfmon" = "%AppData%\[malware file name]"