Threat Search: 

ThreatExpert's Statistics for Mal/Bifrose-Q [Sophos]:

Mal/Bifrose-Q [Sophos] is also known as:
Threat AliasNumber of Incidents
Backdoor:Win32/Bifrose.EY [Microsoft]4
Backdoor.IRCBot [Ikarus]3
Backdoor.IRC.Bot [Symantec]2
Backdoor.Trojan [Symantec]2
Backdoor.Win32.Bifrose [Ikarus]2
Infostealer [Symantec]2
W32/Sdbot.worm [McAfee]2
Win-Trojan/Inject.6144.G [AhnLab]2
Win-Trojan/Midgare.46483 [AhnLab]2
Backdoor.Sdbot [Symantec]1
Backdoor.Trojan [PC Tools]1
Backdoor.Turkojan [PC Tools]1
Backdoor.Win32.Poison.vfw [Kaspersky Lab]1
Backdoor.Win32.SdBot.lla [Kaspersky Lab]1
Backdoor.Win32.Turkojan.del [Kaspersky Lab]1
Backdoor:Win32/Poison.M [Microsoft]1
Backdoor:Win32/Turkojan.AI [Microsoft]1
Generic BackDoor [McAfee]1
Generic Dropper.hs [McAfee]1
Net-Worm.Win32.Kolab.chu [Kaspersky Lab]1
Trojan.Win32.Midgare.szk [Kaspersky Lab]1
VirTool:Win32/CeeInject.gen!A [Microsoft]1
Virus.Win32.Bifrose [Ikarus]1
W32/Sdbot.worm!g [McAfee]1
Win32/IRCBot.worm.18944.B [AhnLab]1
Win-Trojan/Midgare.97060.B [AhnLab]1
Win-Trojan/Poison.17408.G [AhnLab]1
Worm:Win32/Hamweq.A [Microsoft]1

Mal/Bifrose-Q [Sophos] has the following possible country of origin:
OriginNumber of Incidents
Portugal5

Mal/Bifrose-Q [Sophos] is known to be created as:
%ProgramFiles%\bifrost\server.exe
%System%\bifrost\server.exe
%Temp%\ixp000.tmp\server.exe
%Windir%\coltt21\coltt21.exe
%Windir%\mstwain32.exe
c:\restore\k-1-3542-4232123213-7676767-8888886\x0r.exe
Notes:
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.