BKDR_POISON.EVE
Posted: February 25, 2013
Threat Metric
The fields shown on the Threat Meter are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 7,294 |
|---|---|
| Threat Level: | 2/10 |
| Infected PCs: | 4,155 |
| First Seen: | February 25, 2013 |
| Last Seen: | October 16, 2023 |
| OS(es) Affected: | Windows |
BKDR_POISON.EVE is a backdoor Trojan that's installed via a PDF exploit, which is detected as TROJ_PIDIEF.EVE or TROJ_PIDIEF.VEV. Disguised as a Mandiant news report on PC security, the installer drops BKDR_POISON.EVE, which is launched automatically and (in the hopes of its criminal coding team) without drawing your attention to the infection. Malware experts have noted broad spyware and backdoor-related features in BKDR_POISON.EVE, which may compromise your PC's security and/or steal highly confidential information. As with all malware infections that try to conceal themselves, deleting BKDR_POISON.EVE should be done with appropriate anti-malware applications that are designed to deal with high-level PC threats.
BKDR_POISON.EVE: the Toxic Tidings for Your Computer
Unlike a worm or a virus, BKDR_POISON.EVE can't distribute itself; instead, it is distributed by a second PC threat, the Trojan TROJ_PIDIEF.EVE. TROJ_PIDIEF.EVE is, in turn, disguised as a Mandiant AP2 report. Although opening this apparent PDF document will, in fact, display a real PDF file, it also installs TROJ_PIDIEF.EVE's payload: BKDR_POISON.EVE. Since Mandiant reports on cyber security have, according to some business sources, become 'must read' news, this is an effective lure that gets victims to open a malicious file without realizing what is happening.
BKDR_POISON.EVE's major functions make it exactly as dangerous as its name implies, with some of the most significant attacks including:
- Recording your keyboard input (also known as keylogging) to a file that's then sent to third parties.
- Recording your webcam input.
- Recording your microphone input.
- Modifying files, memory processes, Registry entries, services and any installed devices at will. This allows BKDR_POISON.EVE to be used to delete files/programs, terminate them or modify their settings.
- Grabbing passwords from your browser's caches.
- Installing other malware, and, in some cases, even injecting them into the processes of unrelated applications (such as basic Windows components).
The Foolproof Antidote to a BKDR_POISON.EVE Sickness
As always, the SpywareRemove.com malware research team recommends that you avoid exposure to known infection paths whenever possible. Accordingly, a little care about where you acquire your PDF-based news from can help you avoid a BKDR_POISON.EVE infection. Attacks by BKDR_POISON.EVE are currently reported to be targeted at members of the journalism industry, but very similar PC threats (such as TROJ_PIDIEF.EGQ, TROJ_PIDIEF.EVF and TROJ_PIDIEF.KFR) have also been known to use similar means to attack other types of victims. At the least, it should be considered a basic precaution to scan any suspicious PDF files prior to opening them.
Because BKDR_POISON.EVE essentially gives control of your PC to an anonymous criminal while stealing wide ranges of data, SpywareRemove.com malware experts emphasize the necessity of removing BKDR_POISON.EVE as swiftly as possible. To this end, you should employ suitable anti-malware software to delete BKDR_POISON.EVE and any other malware associated with BKDR_POISON.EVE.