
ThreatExpert's Statistics for Backdoor.Win32.Bifrose.fpb [Kaspersky Lab]:

Backdoor.Win32.Bifrose.fpb [Kaspersky Lab] is also known as:
Threat Alias | Number of Incidents
Win-Trojan/Midgare.32256 [AhnLab] | 426
BackDoor-CEP.gen.g [McAfee] | 419
Backdoor:Win32/Bifrose.AE [Microsoft] | 395
Backdoor.Trojan [Symantec] | 316
Trojan.Midgare.hhn [PC Tools] | 316
BKDR_AHZE.SMM [Trend Micro] | 279
Virus.Trojan.Win32.Midgare [Ikarus] | 213
BKDR_AHZE.NY [Trend Micro] | 163
Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos] | 132
Mal/Generic-E, Mal/EncPk-FH [Sophos] | 86
Backdoor.Bifrose [Symantec] | 77
VirTool:Win32/Injector.gen!AG [Microsoft] | 69
Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos] | 61
Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH, Mal/Bifrose-Z [Sophos] | 57
Infostealer [Symantec] | 52
Mal/Bifrose-X, Mal/EncPk-FH [Sophos] | 32
Trojan.Win32.Midgare [Ikarus] | 29
Mal/EncPk-FH [Sophos] | 24
Mal/Midgar-A, Mal/EncPk-FH [Sophos] | 24
Win-Trojan/Midgare.30590 [AhnLab] | 20
Mal/EncPk-KZ, Mal/EncPk-FH [Sophos] | 17
Mudgare.a [McAfee] | 17
Win-Trojan/Agent.32637.E [AhnLab] | 15
W32/Sality-AM [Sophos] | 10
Trojan Horse [Symantec] | 9
Virus:Win32/Sality.AM [Microsoft] | 9
W32/Sality.gen [McAfee] | 9
Backdoor.Bifrose [PC Tools] | 8
BackDoor-CEP!hv.a [McAfee] | 8
Trojan:Win32/Midgare.A [Microsoft] | 7
W32.Virut.CF [Symantec] | 7
Win32/Kashu.B [AhnLab] | 7
Mal/EncPk-KZ [Sophos] | 6
W32.Sality.AE [Symantec] | 6
Backdoor.Trojan [PC Tools] | 5
BKDR_BIFROSE.SMO [Trend Micro] | 5
Mal/Bifrose-Z, Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos] | 5
Virus:Win32/Virut.BM [Microsoft] | 5
Backdoor-CEP.gen.i [McAfee] | 4
Virus.Win32.Bifrose [Ikarus] | 4
W32/Sality.gen.b [McAfee] | 4
Win-Trojan/Midgare.30208 [AhnLab] | 4
Mal/Bifrose-X [Sophos] | 3
Mal/Bifrose-X, Mal/Midgar-A, Mal/EncPk-FH [Sophos] | 3
Mal/EncPk-FH, Mal/EncPk-KZ [Sophos] | 3
Mal/Sality-B [Sophos] | 3
Mudgare.gen.b [McAfee] | 3
New Malware.aq [McAfee] | 3
PE_SALITY.AE [Trend Micro] | 3
W32/Sality-AI [Sophos] | 3
Constructor.Win32.Bifrose.gy [Kaspersky Lab] | 2
Constructor.Win32.Bifrose.j [Kaspersky Lab] | 2
Gen.Trojan [Ikarus] | 2
Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH, W32/Scribble-B [Sophos] | 2
Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH, Mal/Bifrose-Z, W32/Scribble-B [Sophos] | 2
Mal/Bifrose-X, Mal/Sality-C [Sophos] | 2
Mal/Bifrose-Z [Sophos] | 2
Mal/Generic-A [Sophos] | 2
Mal/Generic-E [Sophos] | 2
Mal/Packer [Sophos] | 2
PE_SALITY.BU [Trend Micro] | 2
Trojan-Dropper.Agent [Ikarus] | 2
Trojan-Dropper.Win32.Stabs [Ikarus] | 2
Virus:Win32/Sality.G [Microsoft] | 2
Virus:Win32/Sality.gen [Microsoft] | 2
W32.Sality.AM [Symantec] | 2
W32/Sality.n [McAfee] | 2
Backdoor.Rbot [Ikarus] | 1
Backdoor.Win32.Bifrose [Ikarus] | 1
Backdoor:Win32/Poisonivy.E [Microsoft] | 1
Backdoor-CEP [McAfee] | 1
BackDoor-CEP.gen.a [McAfee] | 1
BackDoor-CEP.gen.au [McAfee] | 1
Constructor:Win32/Bifrose.A [Microsoft] | 1
Dropper/Tempex [AhnLab] | 1
Gen.Malware [Ikarus] | 1
Generic Dropper!blx [McAfee] | 1
Generic Dropper.pm.gen [McAfee] | 1
Mal/Bifrose-S [Sophos] | 1
Mal/Bifrose-X, Mal/EncPk-FH, Mal/Bifrose-Z [Sophos] | 1
Mal/Bifrose-X, Mal/Midgar-A, Mal/EncPk-FH, Mal/Bifrose-Z [Sophos] | 1
Mal/Bifrose-Z, Mal/Sality-B [Sophos] | 1
Mal/Dorf-D [Sophos] | 1
Mal/EncPk-BU, Mal/EncPk-BA [Sophos] | 1
Mal/EncPk-KZ, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos] | 1
Mal/Generic-E, Mal/EncPk-FH, Mal/Behav-103, Mal/Behav-043 [Sophos] | 1
Mal/HckPk-A [Sophos] | 1
Mal/Midgar-A, Mal/EncPk-FH, W32/Scribble-B [Sophos] | 1
Mal/Packer, Mal/EncPk-E [Sophos] | 1
Mal/Packer, Mal/Midgar-A, Mal/EncPk-FH, Mal/Bifrose-Z [Sophos] | 1
New Win32 [McAfee] | 1
Packer.RLPack [Ikarus] | 1
PE_SALITY.EK [Trend Micro] | 1
PE_SALITY.EN-1 [Trend Micro] | 1
Trojan.Midgare!sd6 [PC Tools] | 1
Trojan.StartPage [Ikarus] | 1
Trojan.Win32.Swisyn.iph [Kaspersky Lab] | 1
Trojan-Dropper.SAG [Ikarus] | 1
Trojan-PSW.Generic [PC Tools] | 1
Virus.W32.Sality [Ikarus] | 1
Virus.W32.Sality [Ikarus]1

Backdoor.Win32.Bifrose.fpb [Kaspersky Lab] has the following possible countries of origin:
Origin | Number of Incidents
Sweden | 5
United Kingdom | 5
France | 4
Russian Federation | 4
Saudi Arabia | 3
Israel | 2
Turkey | 2
Brazil | 1
Croatia | 1
Germany | 1
Spain | 1

Backdoor.Win32.Bifrose.fpb [Kaspersky Lab] is known to be created as:
Notes:
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
  • %CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
  • %InternetCache% is a variable that refers to the file system directory that serves as a common repository for temporary Internet files. A typical path is C:\Documents and Settings\[UserName]\Local Settings\Temporary Internet Files.
  • %LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Templates% is a variable that refers to the file system directory that serves as a common repository for document templates. A typical path is C:\Documents and Settings\[UserName]\Templates.
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.