BackDoor-DLY is a Trojan that is usually dropped by MultiDropper-JD.

This Trojan gives the attacker remote control of the victim machine as part of a malicious command-and-control network. Once installed, it contacts its control server through a series of domain names believed to belong to a fast-flux network:

  • http://{blocked}.imergeyou.com/{blocked}/weby6/settings.ini
  • http://{blocked}.ifeelyou.info/{blocked}/weby6/remote.php
  • http://{blocked}.iconnectyou.biz/{blocked}/weby6/settings.ini
  • http://{blocked}.ifeelyou.info/{blocked}/weby6/settings.ini
  • http://{blocked}.boomlance.com/{blocked}/weby6/settings.ini

  • The DNS records behind a fast-flux network change rapidly. At the time of writing, the IP addresses these domain names resolved to did not host settings.ini, so resolved addresses should not be relied on as stable indicators; the domain names and the weby6 URL paths are the durable part of the pattern. Such networks are often associated with phishing and spamming.

BackDoor-DLY also attempts multiple connections to www.google.com to test for Internet connection availability. On its own that connectivity check is not an indicator, since legitimate software does the same; it only adds confidence when seen from a host that also requests the URLs above.
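The indicators above can be turned into a simple hunt over proxy logs and DNS answers. The following is an added example written for this page, not code from the McAfee write-up: it flags clients that request the listed domains or the weby6 settings.ini/remote.php paths (matching on the registered domain, since the {blocked} host labels are unknown), and applies a basic fast-flux heuristic (many distinct IPs behind one name with short TTLs) to resolver data. The Squid-style log lines, the DNS records, the TTL and IP-count thresholds and the helper names are all constructed assumptions for illustration.

```python
"""Constructed detection example for the BackDoor-DLY indicators (not McAfee code)."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Registered domains taken from the page's URL list; the path pattern covers
# the /weby6/settings.ini and /weby6/remote.php requests it lists.
C2_DOMAINS = {"imergeyou.com", "ifeelyou.info", "iconnectyou.biz", "boomlance.com"}
C2_PATH_RE = re.compile(r"/weby6/(settings\.ini|remote\.php)$")


def registered_domain(host):
    """Last two labels of a hostname (assumption: a two-label suffix like .com/.info)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def classify_url(url):
    """'c2' when both domain and path match, 'suspicious_path' when only the
    weby6 path matches (possibly a newly rotated flux domain), 'domain_only'
    when only the domain matches, None otherwise."""
    parsed = urlparse(url)
    dom_hit = registered_domain(parsed.hostname or "") in C2_DOMAINS
    path_hit = bool(C2_PATH_RE.search(parsed.path))
    if dom_hit and path_hit:
        return "c2"
    if path_hit:
        return "suspicious_path"
    if dom_hit:
        return "domain_only"
    return None


# Constructed Squid-style access log: "<ts> <elapsed> <client> <result> <bytes> <method> <url>"
SAMPLE_PROXY_LOG = """\
1234567890.123    150 10.0.0.5 TCP_MISS/200 512 GET http://www.google.com/
1234567890.456    310 10.0.0.5 TCP_MISS/404 312 GET http://abc.imergeyou.com/xyz/weby6/settings.ini
1234567891.001    120 10.0.0.7 TCP_MISS/200 1024 GET http://example.org/index.html
1234567891.777    280 10.0.0.5 TCP_MISS/200 640 GET http://def.ifeelyou.info/xyz/weby6/remote.php
1234567892.222    205 10.0.0.9 TCP_MISS/200 200 GET http://cdn.example.net/static/weby6/settings.ini
"""


def scan_proxy_log(text):
    """Map client IP -> list of (verdict, url) for requests that match an indicator."""
    hits = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line; skip rather than guess
        client, url = fields[2], fields[6]
        verdict = classify_url(url)
        if verdict:
            hits[client].append((verdict, url))
    return dict(hits)


# Constructed passive-DNS style records: (queried name, TTL seconds, answer IPs).
SAMPLE_DNS = [
    ("abc.imergeyou.com", 300, {"198.51.100.10", "198.51.100.11"}),
    ("abc.imergeyou.com", 300, {"203.0.113.5", "198.51.100.12"}),
    ("abc.imergeyou.com", 300, {"192.0.2.77", "203.0.113.9"}),
    ("www.example.org", 86400, {"192.0.2.1"}),
    ("www.example.org", 86400, {"192.0.2.1"}),
]


def fast_flux_candidates(answers, max_ttl=600, min_distinct_ips=5):
    """Names whose answers keep a short TTL and rotate through many addresses.
    Thresholds are assumptions; tune them against your own resolver data."""
    ips = defaultdict(set)
    ttls = defaultdict(list)
    for name, ttl, addrs in answers:
        ips[name] |= set(addrs)
        ttls[name].append(ttl)
    return sorted(n for n in ips
                  if len(ips[n]) >= min_distinct_ips and max(ttls[n]) <= max_ttl)


if __name__ == "__main__":
    for client, matches in scan_proxy_log(SAMPLE_PROXY_LOG).items():
        for verdict, url in matches:
            print(f"{client} {verdict} {url}")
    print("fast-flux candidates:", fast_flux_candidates(SAMPLE_DNS))
```

Matching on the registered domain rather than the full hostname is deliberate: the {blocked} labels in the page's URLs are unknown and a flux network can front the same path under many hostnames, which is also why the weby6 path alone is reported as a lower-confidence "suspicious_path" hit worth a second look.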

More information can be found at this McAfee page.