Перейти к содержимому


Фото
- - - - -

Trojan.Botnetlog.11 forms new botnet


  • Please log in to reply
Нет ответов в данной теме

#1 News Robot

News Robot

    Creator of the News

  • Dr.Web Staff
  • 7 139 Сообщений:

Отправлено 12 Август 2009 - 03:00

August 12, 2009

Russian anti-virus vendor Doctor Web reports a mass mailing of spam
messages with attached Trojan.Botnetlog.11. The Trojan horse forming a
new botnet also downloads and installs other pieces of malware on
infected machines.

Trojan.Botnetlog.11 appeared as an attachment to spam messages on
August 6, 2009. Now activity of this malicious program reached its
peak.

[IMAGE]

The Trojan horse comes to a user machine with a fake e-mail
delivery-failure notification from a respected e-mail service that
informs a user that his package couldn’t be delivered because the
recipient address is incorrect. As a solution the message offers a
victim to print out the attached copy of an "invoice" and collect the
package at the office of the company.

[IMAGE]

[IMAGE]

The attached zip-archive with a random name that follows the
UPSNR_********.zip template contains an executable file with the same
name. This file is Trojan.Botnetlog.11. The malicious file mutates
from mailing to mailing and therefore can be hard to detect for an
anti-virus.

Once launched the malware adds its entry to the autorun list, injects
its code into system processes and establishes an HTTP connection to a
bogus web-site to download other malicious programs. This is a how
compromised system is are registered on the botnet.

Since Trojan.Botnetlog.11 is mutating constantly, Doctor Web
recommends all users of Dr.Web anti-viruses to use automatic updating
of virus databases and anti-virus software components.


View the article


Читают тему: 1

0 пользователей, 1 гостей, 0 скрытых