Posts Tagged ‘Trojan-Downloader’

Evolution of Zeus Botnet Part 3

Evolution of Zeus Botnet Part 2 Here

Zeus, version 3 – Gameover

Zeus 2.1 was an attempt to move away from a hard-coded command center toward a control system better protected from the actions of anti-virus companies (using a DGA). As it turned out, the creators of Zeus continued their research in this field.

In October 2011, Roman Huessy, creator of ZeusTracker, while examining the latest Zeus version he had received, noticed strange UDP traffic. Further analysis showed that the new version of Zeus had several IP addresses in its configuration block, and that the computers at these IP addresses responded to the infected system. Within 24 hours, about 100,000 unique IP addresses related to the new version were identified. Most of the infected computers were located in India, Italy and the U.S.

It has since been established that Zeus began using a P2P mechanism to update itself and its configuration data blocks. Because the script name gameover.php is used when contacting the command center, this version came to be called Gameover Zeus. This is rather symbolic: as can be seen, the ‘game’ with Zeus has ended.

Doctor Web, a Russian IT security developer, informs users about the distribution, through the peer-to-peer networks of Trojan.PWS.Panda.2395, of several malicious programs that use a very interesting mechanism to infect computers. These programs are capable of massive DDoS attacks and of sending spam.

The victim’s computer is infected by means of the widespread Trojan.PWS.Panda.2395. In the first stage of infection, an executable file containing an encrypted malicious module is downloaded to the victim’s PC over the peer-to-peer network supported by the Trojan. After successfully decrypting it, the file launches another module, which reads into computer memory the image of another malicious application, detected by Dr.Web anti-virus software as one of the members of the Trojan.DownLoader family.

The program is saved to a user account as an executable file with a random name and then modifies the Windows registry so that it runs automatically when the operating system loads.

Trojan-Downloader.JS.Agent.fxq is a page that loads pop-up pages.

Technical details:

A Trojan horse that opens various web pages in the browser without the user’s knowledge. It is an HTML page with a script written in JavaScript. The malicious script is 3560 bytes in size.

Destructive activity: