Backdoor.Simda

Backdoor.Simda is a harmful backdoor Trojan first released on 18 May, 2011. This disgusting Trojan was designed to afford access to its developers to the infected PC, and also to make it much easier for other types of malware to enter the system. This Trojan infection is regarded by leading security tools to be a severe threat, and users are warned to destroy Backdoor.Simda as soon as possible.

Once Backdoor.Simda securely roots itself in the system, it will execute then check if the Trojan is running from the . If it is not running from this folder, Backdoor.Simda will copy itself as \.exe/ It will modify the following registry entry to execute its copy at Windows start:

In subkey: HKLM\Software\Microsoft\Windows NT\Currentversion\Winlogon
Sets value: "userinit"
With data: "\userinit.exe, \.exe"

The Trojan will also inject code to the process “svchost.exe, and deletes the original executable.

Backdoor.Simda connects to a remote host and relays information of the infected PC to its developers. It will then receive configuration info on where to download additional files to, and other locations from which to download more configuration files. Downloaded files are written to the %TEMP% folder. These files may include more malware. Some of the domains Backdoor.Simda will contact include the following:

gusssiss.com
orlikssss.com
asterixsss.com

The Trojan will also use various techniques to elevate its privileges on the system. It will attempt to log on to the system as an Administrator using a list of passwords:

help
stone
server
pass
idontknow
administrator
admin
666666
111
12345678
1234
soccer
abc123
password1
football1

In order to limit the damage Backdoor.Simda will cause to the PC, and to stop it dead in its tracks, destroy Backdoor.Simda with the help of a powerful security tool which will not only erase Backdoor.Simda but also protect the system against similar attacks in future.