ThreatExpert's Statistics for Backdoor.Trojan [Symantec]:

Backdoor.Trojan [Symantec] is also known as:

Threat Alias	Number of Incidents
Trojan-Downloader.Win32.Agent.bfj [Kaspersky Lab]	102,044
TROJ_AGENT.ZGE [Trend Micro]	72,361
Trojan.DL.Agent.WEZ [PC Tools]	72,361
TROJ_AGENT.VJC [Trend Micro]	36,990
Trojan-Downloader.Agent!sd5 [PC Tools]	19,875
Generic.dx [McAfee]	17,866
IRC/Flood.gen.e [McAfee]	3,200
Trojan.Zapchast [PC Tools]	3,200
not-a-virus:Client-IRC.Win32.mIRC.601 [Kaspersky Lab]	3,152
BKDR_ZAPCHAST.AX [Trend Micro]	2,800
Troj/Mirchack-A [Sophos]	1,900
Trojan:Win32/Zapchast [Microsoft]	1,900
not-a-virus:Client-IRC.Win32.mIRC [Ikarus]	1,471
Generic BackDoor [McAfee]	1,266
BackDoor-CXI [McAfee]	743
Trojan.DL.CKSPost.Gen [PC Tools]	734
Backdoor.IRC.Bot [Symantec]	700
Mal/Generic-A [Sophos]	687
TSPY_QQROB.AOA [Trend Micro]	645
Trojan-PSW.QQRob!sd5 [PC Tools]	629
Backdoor:Win32/Poisonivy.E [Microsoft]	628
WORM_NUCRP.GEN [Trend Micro]	583
Backdoor.Win32.Poison.pg [Kaspersky Lab]	580
Backdoor.Win32.Delf.ash [Kaspersky Lab]	523
Troj/Keylog-JV [Sophos]	513
Win-Trojan/IRCHack.593262 [AhnLab]	500
BackDoor-CZP [McAfee]	438
Trojan.Qhost.EP [PC Tools]	432
Virus.Win32.Poison [Ikarus]	432
Backdoor.Cakl [PC Tools]	423
Trojan.Win32.Qhost.abh [Kaspersky Lab]	384
Mal/Packer [Sophos]	371
New Malware.aq [McAfee]	358
Trojan-Proxy.Agent!sd5 [PC Tools]	349
BKDR_CAKL.OF [Trend Micro]	348
Proxy-Agent.be [McAfee]	342
BackDoor-DKI.gen.a [McAfee]	333
TROJ_RENOS.MQ [Trend Micro]	320
Backdoor.Win32.VB [Ikarus]	297
Win-Trojan/Poison.8192.AF [AhnLab]	254
TROJ_DLOADER.EGF [Trend Micro]	240
Backdoor.Win32.Cakl.a [Kaspersky Lab]	225
Backdoor.Win32.Vipdataend.gu [Kaspersky Lab]	225
Troj/QQRob-ABW [Sophos]	225
Trojan.Pangu.Gen.1 [PC Tools]	218
Backdoor.IRCBot!sd6 [PC Tools]	215
Backdoor.Win32.Cakl.d [Kaspersky Lab]	209
Virus.Win32.AutoRun.od [Ikarus]	208
Win-Trojan/Xema.variant [AhnLab]	206
Virus.Win32.AutoRun.k [Kaspersky Lab]	201
TrojanDownloader:Win32/Emerleox [Microsoft]	200
BackDoor-DSS [McAfee]	192
BackDoor-AWQ.b [McAfee]	191
Virus.Win32.Trojan [Ikarus]	186
Backdoor.Win32.IRCBot [Ikarus]	183
Win32/IRCBot.worm.variant [AhnLab]	174
TROJ_SPAMBOT.B [Trend Micro]	172
Trojan-Downloader.Win32.Agent.bl [Kaspersky Lab]	172
Trojan-Dropper.Agent [Ikarus]	169
BKDR_AHZE.NY [Trend Micro]	163
TROJ_MALOE5.A [Trend Micro]	160
Generic Downloader.s [McAfee]	156
W32/Sdbot.worm [McAfee]	155
Backdoor.VB.DVIH [PC Tools]	153
BackDoor-DVR [McAfee]	150
Backdoor.Win32.Hupigon [Ikarus]	146
Backdoor:Win32/Poisonivy.H [Microsoft]	146
VirTool:Win32/CeeInject.gen!R [Microsoft]	146
Troj/Agent-JCU [Sophos]	144
Win-Trojan/ARPSpoofer.36725 [AhnLab]	144
Win-Trojan/ARPSpoofer.92719 [AhnLab]	144
Mal/Inject-M [Sophos]	137
Trojan.Win32.Veslorn [Ikarus]	137
Virus.Win32.Agent.AAGI [Ikarus]	127
BackDoor-DKA [McAfee]	126
WORM_AGENT.SPS [Trend Micro]	126
Backdoor.Win32.IRCBot.jvw [Kaspersky Lab]	120
BKDR_DELF.CMV [Trend Micro]	120
Troj/Bckdr-QPB [Sophos]	118
Backdoor.VB!sd6 [PC Tools]	117
Downloader-BMN [McAfee]	115
Trojan-Dropper.Delf [Ikarus]	115
TrojanDownloader:Win32/Tracur.A [Microsoft]	111
Generic Downloader.x [McAfee]	110
Mal/EncPk-FH [Sophos]	109
Backdoor.VB.GEN [PC Tools]	108
BackDoor-DKI [McAfee]	107
Backdoor.IRCBot [PC Tools]	106
Trojan:Win32/Midgare.A [Microsoft]	105
Win32.SuspectCrc [Ikarus]	104
Troj/Agent-INP [Sophos]	103
Backdoor.Win32.Poison [Ikarus]	102
Backdoor.Win32.Poison.cpb [Kaspersky Lab]	101
Trojan-Proxy.Win32.Agent.lv [Kaspersky Lab]	101
Backdoor.Win32.IRCBot.csk [Kaspersky Lab]	100
Backdoor.Win32.Shark.dxa [Kaspersky Lab]	100
Backdoor.Win32.VB.brg [Kaspersky Lab]	100
not-a-virus:Client-IRC.Win32.mIRC.601 [Ikarus]	100
Backdoor:Win32/Small.D [Microsoft]	96
Trojan.Win32.Midgare.hhn [Kaspersky Lab]	95

Backdoor.Trojan [Symantec] has the following possible countries of origin:

Origin		Number of Incidents
	Russian Federation	3,397
	China	899
	Netherlands	351
	Germany	157
	Slovenia	93
	Spain	57
	Sweden	51
	Brazil	45
	France	45
	United Kingdom	45
	Italy	30
	Ukraine	29
	Turkey	27
	Poland	23
	Iran	21
	Republic of Korea	17
	Saudi Arabia	15
	Israel	14
	Portugal	11
	Canada	8
	Taiwan	8
	Switzerland	7
	Japan	5
	Australia	4
	Slovakia	4
	Egypt	3
	Greece	3
	Belgium	2
	Bulgaria	2
	Czech Republic	2
	New Zealand	2
	Norway	2
	Thailand	2
	Algeria	1
	Argentina	1
	Denmark	1
	Estonia	1
	Finland	1
	Viet Nam	1

Backdoor.Trojan [Symantec] is known to be created as:

%AllUsersProfile%\drm\drm.exe

%AppData%\1.exe

%AppData%\80.exe.exe

%AppData%\bifrost\server.exe

%AppData%\cftmon.exe

%AppData%\google\update\googleupdatebeta.exe

%AppData%\gpass\gfltdrv.sys

%AppData%\iexplorer.exe

%AppData%\key folder\sql2005.dll

%AppData%\kf8ze.exe

%AppData%\lsasrv.exe

%AppData%\microsoft\appdyo.exe

%AppData%\microsoft\windows\winlogon.exe

%AppData%\my_server.exe

%AppData%\num.5.0.46.build.1205-patch.exe

%AppData%\ontwv.exe

%AppData%\spool.exe

%AppData%\svchost32.exe

%AppData%\system\svchost32.exe

%AppData%\update.exe

%AppData%\waults.exe

%AppData%\windowsupdate.exe

%AppData%\wuauct.exe

%AppData%\xlibgfl254.dll

%CommonAppData%\%computername%\taskenv.exe

%CommonAppData%\microsoft\crypto\dss\dss.exe

%CommonAppData%\microsoft\crypto\dss\machinekeys\machinekeys.exe

%CommonAppData%\microsoft\crypto\rsa\machinekeys\machinekeys.exe

%CommonAppData%\microsoft\crypto\rsa\rsa.exe

%CommonAppData%\microsoft\crypto\rsa\s-1-5-18\s-1-5-18.exe

%CommonAppData%\microsoft\microsoft.exe

%CommonAppData%\microsoft\network\connections\cm\cm.exe

%CommonAppData%\microsoft\network\connections\connections.exe

%CommonAppData%\microsoft\network\connections\pbk\pbk.exe

%CommonAppData%\microsoft\network\install.exe

%CommonAppData%\microsoft\network\network.exe

%CommonAppData%\vmware\vmware.exe

%CommonDesktopDir%\desktop.exe

%CommonDocuments%\settings\abc32.dll

%CommonDocuments%\settings\bot.dll

%CommonDocuments%\settings\winsys2f.dll

%CommonFavorites%\netservice.exe

%CommonFavorites%\plugin\001.dll

%CommonPrograms%\startup\avp.exe

%CommonPrograms%\startup\gbplugin.exe

%CommonPrograms%\startup\msnmsg.scr

%CommonPrograms%\startup\rf3.exe

%CommonPrograms%\startup\svchost.exe

%CommonPrograms%\startup\svckost.exe

%DesktopDir%\counterstrike.exe

%DesktopDir%\halflife.exe

%DownloadedProgramFiles%\d0j1q3kh.dll

%DownloadedProgramFiles%\n35.dll

%DownloadedProgramFiles%\ummu.dll

%FontsDir%\360eaec0.exe

%FontsDir%\b4b147bc522828731f1a016bfa72c073\system\clfmon.exe

%FontsDir%\comres.dll

%FontsDir%\nwlnkfwd.exe

%FontsDir%\nwlnkipx.exe

%FontsDir%\nwlnknb.exe

%FontsDir%\nwlnkspx.exe

%FontsDir%\nwrdr.exe

%FontsDir%\oprghdlr.exe

%FontsDir%\p3.exe

%FontsDir%\svchost.exe

%FontsDir%\taksmgr.exe

%FontsDir%\wacult.exe

%InternetCache%\pack13042.exe

%InternetCache%\rundll32.exe

%LocalSettings%\realsched.exe

%LocalSettings%\temp1458.exe

%LocalSettings%\temp7532.exe

%LocalSettings%\temptmp.exe

%MyDocuments%\counterstrike.exe

%MyDocuments%\halflife.exe

%MyDocuments%\mindgame.exe

%Profiles%\photo\photo1.exe

%ProgramFiles%\accessories\backup\system\vsf\explorer.scr

%ProgramFiles%\accessories\backup\system\vsf\uncapper.exe

%ProgramFiles%\anti-spam bastion\yazzlebundle-1739.exe

%ProgramFiles%\bifrost\coffin.exe

%ProgramFiles%\bifrost\dsmon.exe

%ProgramFiles%\bifrost\explorer.exe

%ProgramFiles%\bifrost\lol2.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\bifrost\server.scr

%ProgramFiles%\bifrost\win32.exe

%ProgramFiles%\bifrost\windows123.exe

%ProgramFiles%\bifrost\xxxxx.exe

%ProgramFiles%\common files\designer\wsock32.dll

%ProgramFiles%\common files\gxjaj.exe

%ProgramFiles%\common files\ketmh.exe

%ProgramFiles%\common files\mssearch.exe

%ProgramFiles%\common files\mssoap\binaries\wsock32.dll

%ProgramFiles%\common files\mssoap\wsock32.dll

%ProgramFiles%\common files\odbc\data sources\wsock32.dll

%ProgramFiles%\common files\odbc\wsock32.dll

%ProgramFiles%\common files\services\wsock32.dll

%ProgramFiles%\common files\speechengines\microsoft\wsock32.dll

%ProgramFiles%\common files\speechengines\wsock32.dll

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
%CommonDocuments% is a variable that refers to the file system directory that contains documents that are common to all users. A typical paths is C:\Documents and Settings\All Users\Documents.
%CommonFavorites% is a variable that refers to the file system directory that serves as a common repository for all users' favorite items. A typical path is C:\Documents and Settings\All Users\Favorites (Windows NT/2000/XP).
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
%DownloadedProgramFiles% is a variable that refers to the file system directory containing downloaded program files. A typical path is C:\Windows\Downloaded Program Files.
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%InternetCache% is a variable that refers to the file system directory that serves as a common repository for temporary Internet files. A typical path is C:\Documents and Settings\[UserName]\Local Settings\Temporary Internet Files.
%LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
%MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.
%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.