Trend Micro has flagged this malware as noteworthy due to its increased potential for damage, propagation, or both. This Trojan is related to another noteworthy entry, BKDR_VBOT.A. To get a one-glance comprehensive view of the behavior of this malware, refer to the Threat Diagram shown below. It creates registry entries to enable its automatic execution at every system startup. It attempts to connect to servers using TCP port 8585 to listen for commands coming from a remote computer. Once a connection is successfully established, it may download other files, including its components ntconf32.dll, msimsg32.vxd and ntsys32.vxd. It also connects to the following URLs via HTTP. It modifies registry key(s)/entry(ies) as part of its installation routine.
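A triage check for the indicators named above, as an added example that is not part of the original write-up: it scans `netstat -ano` output for TCP port 8585 and a file listing for the three component names. The sample rows and paths are constructed, and treating a local listener on 8585 as suspicious is an assumption.

```python
import ntpath

# Indicators named in the description above.
C2_PORT = 8585
COMPONENTS = {"ntconf32.dll", "msimsg32.vxd", "ntsys32.vxd"}

# Constructed sample data (not taken from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    192.168.1.20:49712     203.0.113.7:8585       ESTABLISHED     3140
  TCP    192.168.1.20:49713     198.51.100.9:443       ESTABLISHED     2216
  UDP    0.0.0.0:8585           *:*                                    1200
""".splitlines()
SAMPLE_PATHS = [
    r"C:\Users\test\AppData\Local\Temp\NTCONF32.DLL",
    r"C:\Windows\System32\kernel32.dll",
    r"D:\scan\ntsys32.vxd",
]


def split_endpoint(endpoint):
    """Split '10.0.0.5:49712' or '[::1]:8585' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None


def scan_netstat(lines):
    """Return TCP rows from `netstat -ano` output that involve port 8585."""
    hits = []
    for line in lines:
        f = line.split()
        if len(f) < 5 or f[0].upper() != "TCP" or not f[4].isdigit():
            continue  # skip headers, UDP rows and malformed lines
        (_, lport), (rhost, rport) = split_endpoint(f[1]), split_endpoint(f[2])
        state, pid = f[3], int(f[4])
        if rport == C2_PORT:  # connection out to a server on 8585
            hits.append({"kind": "outbound", "peer": rhost, "state": state, "pid": pid})
        elif lport == C2_PORT and state == "LISTENING":  # assumption, see lead-in
            hits.append({"kind": "listener", "peer": None, "state": state, "pid": pid})
    return hits


def scan_paths(paths):
    """Return paths whose file name matches a component (case-insensitive)."""
    return [p for p in paths if ntpath.basename(p).lower() in COMPONENTS]
```

The PID in each hit identifies the owning process for follow-up; a file-name match alone is a lead to verify, not a confirmed detection.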