Backdoor:ASP/Aspy.A is a backdoor trojan, written in ASP.Net, that allows unauthorized remote access and control of an affected computer or server.
Backdoor:ASP/Aspy.A may be present on a compromised host as a file with the .ASP file extension, stored in a directory containing web pages so that a remote attacker can access it via a web browser and Internet connection. The following file names are examples of the trojan as found in the wild:
When the trojan page is accessed, it requests a logon to gain access to a control session. The default password for the trojan is 'admin'.
Allows unauthorized remote access and control
Once logged in, the trojan could provide the following functionality against a compromised computer or server:
- File management - this includes download, upload, edit, copy, rename and delete files
- Directory management - this includes create, rename and delete directories
- Execute any command through cmd.exe
- Extract IIS user credentials
- List processes and services
- List detailed information of users and system configuration (includes domain, IP, OS version, CPU etc.)
- File search and replace
- Serv-U privilege escalation exploit
- List registry keys and values
- Port scanner
and Microsoft Access database access
- TCP port redirection
Analysis by Shawn Wang
Alert notifications or detections of this malware from installed antivirus or security software may be the only other symptoms.
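
Because alerts may be the only symptom, web content directories can also be triaged directly. The following is an added example, not part of the original analysis: it walks a web root and flags .asp files that combine several of the capabilities listed above. The marker strings, threshold, function names and sample files are assumptions constructed for illustration, not signatures taken from the trojan.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristic marker groups derived from the capability list above;
# illustrative strings, not signatures extracted from the trojan itself.
MARKERS = {
    "command_exec": re.compile(r"cmd\.exe", re.I),
    "serv_u": re.compile(r"serv-u", re.I),
    "registry": re.compile(r"HKEY_LOCAL_MACHINE|HKLM\\", re.I),
    "login_form": re.compile(r"type\s*=\s*\W?password", re.I),
}
THRESHOLD = 3  # assumed: ordinary pages rarely combine three of these groups


def score_file(path):
    """Return the sorted marker groups found in one file."""
    text = Path(path).read_bytes().decode("latin-1")  # tolerant of any bytes
    return sorted(name for name, rx in MARKERS.items() if rx.search(text))


def triage_webroot(root, threshold=THRESHOLD):
    """Report .asp files under root that match at least `threshold` groups."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".asp":
            hits = score_file(path)
            if len(hits) >= threshold:
                findings[path.relative_to(root).as_posix()] = hits
    return findings


def build_sample_webroot():
    """Create a constructed web root: one ordinary page, one suspicious page."""
    root = Path(tempfile.mkdtemp(prefix="webroot_"))
    (root / "login.asp").write_text('<form><input type="password" name="p"></form>')
    (root / "sample_suspect.asp").write_text(
        "<input type=password> cmd.exe /c ; Serv-U ; HKLM\\Software"
    )
    return root


if __name__ == "__main__":
    for rel_path, groups in triage_webroot(build_sample_webroot()).items():
        print(rel_path, groups)
```

Files saved as UTF-16 will not match these byte-oriented patterns, and a hit is a lead for manual review rather than a verdict.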