Analysis
Once executed, this Trojan copies itself to the Windows system folder with the same file name.
It adds the following registry key in order to ensure automatic execution at every Windows startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"(FileName)" = "(FileName).exe"
where FileName varies between variants; it is the same for both the registry key and the actual file name without extension.
It periodically connects to a specific URL, attempting to download a file through HTTP.
It can perform various information stealing and backdoor activities, which may include any of the following:
Download and execute file
Enumerate and terminate process
Gather and send various system information
Delete files
Modify registry keys
Description from the aladdin.ru website
-------
MVP Consumer Security, KL DSSE, ACT
Security Trusted Adviser
http://vladbez.spaces.live.com
Posted: 23:18, 02-06-2007 | #5
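An added example, not part of the original post or the aladdin.ru description: a triage check for the persistence pattern described above (a Run value whose name equals the file name, pointing at a copy in the system folder), applied to saved `reg query` output. The sample output, the value names and the `SYSTEM_DIRS` list are constructed assumptions; a match is only a lead to review, since legitimate entries can have the same shape.

```python
import ntpath
import re

# Constructed sample of `reg query` output for the HKLM Run key; all value
# names and file names below are made up for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    svcupd32    REG_SZ    svcupd32.exe
    Acme Updater    REG_SZ    "C:\Program Files\Acme\updater.exe" /background
    netmon    REG_SZ    C:\WINDOWS\system32\netmon.exe
"""

VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
EXE_PATH = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)
SYSTEM_DIRS = ("system32", "system")  # assumption: folder names treated as "system folder"


def parse_run_values(text):
    """Return (name, data) for each value line in `reg query` output."""
    matches = (VALUE_LINE.match(line) for line in text.splitlines())
    return [(m.group("name"), m.group("data").strip()) for m in matches if m]


def matches_pattern(name, data):
    """True when data is '<name>.exe' with no path or inside the system folder."""
    m = EXE_PATH.match(data)
    if not m:
        return False
    directory, filename = ntpath.split(m.group("exe"))
    stem, _ext = ntpath.splitext(filename)
    if stem.lower() != name.lower():
        return False
    # A bare file name is resolved through the Windows search path, which
    # includes the system folder the description says the copy lands in.
    if directory == "":
        return True
    return ntpath.basename(directory).lower() in SYSTEM_DIRS


def suspicious_run_values(text):
    """Filter parsed Run values down to those matching the described pattern."""
    return [(n, d) for n, d in parse_run_values(text) if matches_pattern(n, d)]


if __name__ == "__main__":
    for name, data in suspicious_run_values(SAMPLE):
        print(f"review: {name!r} -> {data!r}")
```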