Friday, February 24, 2012

TrojanDownloader:Win32/Obitel


Encyclopedia entry
Updated: Apr 17, 2011  |  Published: Apr 18, 2009

Aliases
Not available

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.121.332.0
Released: Feb 24, 2012
Detection initially created:
Definition: 1.49.681.0
Released: Dec 18, 2008


Summary

TrojanDownloader:Win32/Obitel is a detection for a component dropped by TrojanDownloader:Win32/Obitel.gen!A - a trojan that downloads and executes arbitrary files. This may include additional malware.


Symptoms

System Changes
The following system changes may indicate the presence of this malware:
  • The presence of the following files:
    <system folder>\stus.exe
    <system folder>\userinit.exe


Technical Information (Analysis)

TrojanDownloader:Win32/Obitel is a detection for a component dropped by TrojanDownloader:Win32/Obitel.gen!A - a trojan that downloads and executes arbitrary files.
Installation
TrojanDownloader:Win32/Obitel is dropped by TrojanDownloader:Win32/Obitel.gen!A into the %Temp% folder under a variable file name, for example in1.tmp, in2.tmp, or ina.tmp.
Payload
Downloads and Executes Arbitrary Files
The file detected as TrojanDownloader:Win32/Obitel contains a hard-coded list of URLs. The main downloading component, TrojanDownloader:Win32/Obitel.gen!A, reads this list and downloads and executes files from those URLs. These files may include additional malware.

In the wild, Win32/Obitel has been observed contacting the following domains for this purpose:
  • auf-jeder.com
  • zarazza.cn
Analysis by Hong Jia
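
Added host-triage example, not part of the encyclopedia entry: a PowerShell sweep for the file and domain indicators listed above. It assumes <system folder> is %SystemRoot%\System32; the Authenticode signature check and the DNS client cache lookup are triage steps of my own, not behaviour the entry documents. One caveat a responder needs: userinit.exe is also a legitimate Windows binary that lives in the system folder, so its presence alone proves nothing. The script therefore reports userinit.exe only when its signature is missing or invalid, and never deletes anything.

```powershell
# Added triage script (not from the MMPC entry). Checks a Windows host for the
# Win32/Obitel indicators listed in the entry. Assumptions: <system folder> is
# %SystemRoot%\System32; signature and DNS-cache checks are added triage steps.

$Indicators = @{
    # Files listed under Symptoms (system folder) and Installation (%Temp%)
    SystemFiles = @('stus.exe', 'userinit.exe')
    TempPattern = 'in*.tmp'            # e.g. in1.tmp, in2.tmp, ina.tmp
    # Domains listed under Payload
    Domains     = @('auf-jeder.com', 'zarazza.cn')
}

function Test-ObitelIndicators {
    param(
        [string]$SystemFolder = (Join-Path $env:SystemRoot 'System32'),
        [string]$TempFolder   = $env:TEMP
    )
    $hits = @()

    foreach ($name in $Indicators.SystemFiles) {
        $path = Join-Path $SystemFolder $name
        if (-not (Test-Path -LiteralPath $path)) { continue }
        # userinit.exe is a legitimate, Microsoft-signed Windows component, so only
        # an unsigned or invalidly signed copy is suspicious. stus.exe has no
        # legitimate counterpart in the system folder and is always reported.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($name -eq 'userinit.exe' -and $sig.Status -eq 'Valid') { continue }
        $hits += [pscustomobject]@{
            Type = 'File'; Indicator = $path; Detail = "signature: $($sig.Status)"
        }
    }

    # Dropped component: variable file name matching in*.tmp in %Temp%
    Get-ChildItem -LiteralPath $TempFolder -Filter $Indicators.TempPattern -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hits += [pscustomobject]@{
                Type = 'File'; Indicator = $_.FullName; Detail = "size: $($_.Length) bytes"
            }
        }

    # Network indicator: download domains present in the DNS client cache.
    # Get-DnsClientCache exists on Windows 8 / Server 2012 and later only.
    if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
        $cache = Get-DnsClientCache -ErrorAction SilentlyContinue
        foreach ($domain in $Indicators.Domains) {
            $match = $cache | Where-Object { $_.Entry -like "*$domain" }
            if ($match) {
                $hits += [pscustomobject]@{
                    Type = 'DNS'; Indicator = $domain; Detail = 'present in DNS client cache'
                }
            }
        }
    }

    return $hits
}

$results = Test-ObitelIndicators
if ($results) { $results | Format-Table -AutoSize } else { 'No Win32/Obitel indicators found.' }
```

Run it from an elevated PowerShell prompt so the system folder and signature catalogs are readable. A hit on stus.exe or on an in*.tmp file in %Temp% is worth preserving for analysis before remediation; a DNS cache hit only shows the name was resolved recently, so corroborate it with proxy or firewall logs.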
