Troj/Bdoor-BY is a Trojan for the Windows platform that contains backdoor functions that allow unauthorised remote access to the infected computer via TCP port 23.
When run Troj/Bdoor-BY copies itself to the Windows system folder as Iexplor32.exe and runs in the background as a service process.
The Trojan creates the following registry entry so as to run itself automatically on computer logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
IExplorer
Iexplor32
When instructed by a remote attacker, the Trojan has the following capabilities:
open a remote shell
shutdown the computer
display a message box
download files from the internet
send email to a specific address
launch Denial of Service (DoS) attacks
terminate processes