Saturday, February 25, 2012

Trojan:Win32/Ransom.DN


Encyclopedia entry
Updated: Jun 22, 2011  |  Published: Jun 21, 2011

Aliases
  • Trojan.Win32.Ransom (Ikarus)

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.121.385.0
Released: Feb 25, 2012
Detection initially created:
Definition: 1.105.1156.0
Released: Jun 02, 2011


 

Summary

Trojan:Win32/Ransom.DN is a trojan that prevents the user from accessing the desktop. It then instructs the user to send an SMS to a premium number to regain access.


 

Symptoms

System changes
The following system changes may indicate the presence of this malware:
  • Adult content is displayed on your screen, along with instructions to send an SMS to a premium number for you to regain access to your desktop.


 

Technical Information (Analysis)

When executed, Trojan:Win32/Ransom.DN drops its main component file in the %HOMEPATH% folder using a randomly-generated file name. It also creates the following registry entry to ensure that it automatically runs every time Windows starts:

In subkey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: <random string>
With data: "%HOMEPATH%\<random string>.exe"

When the computer is restarted, adult content is displayed on the screen, along with a message to send an SMS to a premium number so that the user can regain access to the desktop.
Analysis by Jireh Sanico
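
The persistence pattern described above (a Run value whose data points at an executable sitting directly in the %HOMEPATH% folder) can be checked for with a simple triage heuristic. The following is an added example, not part of the original entry and not Microsoft's detection logic; the sample value names, the user name "alice" and the function names are constructed for illustration, and a hit is only a lead for review, not a verdict.

```python
import ntpath
import re

# Constructed sample: (value name, value data) pairs as they might appear under
# HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Not taken from a real host.
SAMPLE_RUN_VALUES = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("kqzvhw", r'"%HOMEPATH%\kqzvhw.exe"'),
    ("xbtrn", r"C:\Users\alice\xbtrn.exe"),
    ("Updater", r'"%HOMEPATH%\tools\updater.exe" --quiet'),
]
# Constructed environment for the hypothetical user "alice".
SAMPLE_ENV = {"HOMEDRIVE": "C:", "HOMEPATH": r"\Users\alice"}

def extract_image_path(data):
    """Return the executable path from Run-value data, dropping quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    # Unquoted: cut after the first ".exe" so paths containing spaces survive.
    m = re.match(r"(.+?\.exe)(\s|$)", data, re.IGNORECASE)
    return m.group(1) if m else data.split(" ", 1)[0]

def expand(path, env):
    """Expand %VAR% references case-insensitively using the supplied environment."""
    upper = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: upper.get(m.group(1).upper(), m.group(0)), path)

def flag_profile_root_autoruns(run_values, env):
    """Flag Run values whose target is an .exe located directly in the profile root."""
    home = ntpath.normcase(ntpath.normpath(env["HOMEDRIVE"] + env["HOMEPATH"]))
    hits = []
    for name, data in run_values:
        image = expand(extract_image_path(data), env)
        # %HOMEPATH% carries no drive letter, so anchor drive-less paths on HOMEDRIVE.
        if not ntpath.splitdrive(image)[0]:
            image = env["HOMEDRIVE"] + image
        image = ntpath.normcase(ntpath.normpath(image))
        if image.endswith(".exe") and ntpath.dirname(image) == home:
            hits.append((name, image))
    return hits

if __name__ == "__main__":
    for name, image in flag_profile_root_autoruns(SAMPLE_RUN_VALUES, SAMPLE_ENV):
        print(f"review Run value {name!r} -> {image}")
```

On a live system the (name, data) pairs would come from the HKCU Run key of each user profile, for example via the standard-library `winreg` module.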
