An unauthorized backdoor access to your system can compromise it in many ways, downloading malicious software onto it being the worst one. Be alert, because a new backdoor identified as Backdoor:Win32/Kirts.A has been reported by security experts at Microsoft.
Threat Summary
| Name | Backdoor:Win32/Kirts.A |
| Type | Backdoor |
| Short Description | Once installed, the backdoor can perform a range of malicious activities, including downloading malware and including your PC in a botnet. |
| Symptoms | Files such as %TEMP%\puwuladrur.bat are created on the system. |
| Distribution Method | Spam Emails, Email Attachments, File Sharing Networks, Bundled Downloads. |
| Detection Tool | See If Your System Has Been Affected by Backdoor:Win32/Kirts.A Download Malware Removal Tool |
| User Experience | Join our forum to Discuss Backdoor:Win32/Kirts.A. |
The threat level of Backdoor:Win32/Kirts.A is defined as severe, which means that the likeliness of becoming infected with malware is quite high. Having in mind the high infection rates of ransomware such as Locky and Cerber, the payload of any backdoor operation can definitely lead to the encryption of your data.
Other Recent Backdoors:
T9000
LatentBot
Bifrose
Backdoor:Win32/Kirts.A Distribution Methods
Even though the exact distribution method of this backdoor hasn’t been outlined yet, backdoors are usually spread via the same paths. The most likely ways that may have infected your system include:
- Spam email messages containing malicious attachments;
- Spam email messages containing malicious links;
- Via instant messengers;
- Being redirected to malicious pages deployed for drive-by downloads;
- Bundled downloads of freeware and torrents (p2p networks).
Backdoor:Win32/Kirts.A Technical Overview
Microsoft security researchers report that once Backdoor:Win32/Kirts.A is installed, it can create various files on your computer, one of them being:
%TEMP%\puwuladrur.bat
The backdoor also uses code injection to make its detection and removal more difficult. The threat can inject code into running processes, too.
As already mentioned in the beginning, the payload of the whole operation is permitting unauthorized access to the system. Once such access is obtained, any or all of the following malicious activities can take place:
- Deleting and creating files;
- Downloading and running files (malware);
- Uploading files;
- Logging keystrokes and stealing sensitive information;
- Modifying system settings;
- Running or stopping applications;
- Spreading malware to other computers (becoming part of a botnet);
Note. According to Virustotal, Backdoor:Win32/Kirts.A has other aliases:
→Atros3.AIAX [AVG]; Gen:Variant.Zusy.189561 [BitDefender]; UnclassifiedMalware [Comodo]; a variant of MSIL/Injector.OZF [ESET-NOD32]; Gen:Variant.Zusy.189561 (B) [Emsisoft]; F-Secure [Gen:Variant.Zusy.189561]; Trojan.Win32.IRCbot.aanp [Kaspersky];
Trojan.IRCBot.MSIL [Malwarebytes]; Trojan-FIHN!F76F76B0B477 [McAfee];
Trojan.Gen [Symantec], etc.
Trojan.IRCBot has already been analyzed by Enigma Software security researchers. It is indeed a backdoor Trojan that connects to an IRC server to receive commands. The backdoor can propagate via network shares, spam-emails and bundled downloads.
How Can I Remove Backdoor:Win32/Kirts.A from My System?
Backdoor Trojans can be very stealthy and damaging to your system. That is why the most secure way to remove such threats is by installing and running a trustworthy anti-malware program. If your knowledge of Windows is above average, you can follow the manual removal steps. No matter what you choose to do, keep in mind that automatic anti-malware protection is highly recommend. The threat landscape is more dangerous than ever.
