Perl/Calfbot [Threat Name]

Detection created2013-12-20
Short description

Perl/Calfbot.A is a trojan that is used for spam distribution.


The trojan is usually a part of other malware.

The trojan is usually found in the following folder:

  • /tmp/

The following filename is used:

  • " "
Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of URLs. The trojan generates various URL addresses. The HTTP/HTTPS protocol is used.

It may perform the following actions:

  • send spam
  • update itself to a newer version
  • stop itself for a certain time period
  • execute shell commands

The trojan collects the following information:

  • malware version
  • number of emails sent
  • number of emails not sent
  • user name
  • Perl version
  • mail program used to send e-mails
  • HTTP/HTTPS tool used

The trojan attempts to send gathered information to a remote machine.

For further information follow the links below:

* Report

* Indicators of compromise (IOC)

* WeLiveSecurity blog post

Threat Variants with Description

Threat Variant Name Date Added Threat Type
Perl/Calfbot.A 2013-12-20 trojan

Please enable Javascript to ensure correct displaying of this content and refresh this page.