Trojan.Win32.Favadd.m

tag:Trojans  


This Trojan program is written in Delphi (5.0) and is approximately 40KB in size when packed. When launched, it adds links to hacker sites to Internet Explorer.

It registers special extensions to Internet Explorer:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{10954C80-4F0F-11d3-B17C-00C0DFE39736}]
"ButtonText"="Search cracks at CrackSpider.NET"
"MenuText"="Search cracks at CrackSpider.NET"
"MenuStatusBar"="Search cracks at CrackSpider.NET"
"ClSid"="{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}"
"Exec"="http://crackspider.net/ie/btn.php"
"HotIcon"="%WINDIR%\crcspider.ico"
"Icon"="%WINDIR%\crcspider.ico"
"Default Visible"="Yes"

It also adds its own links to the Internet Explorer search mechanism:

[Software\Microsoft\Internet Explorer\Search]
"SearchAssistant" = "http://crackspider.net/ie/assist.php"
[Software\Microsoft\Internet Explorer\Main]
"Search Bar" = "http://crackspider.net/ie/sbar.php"

It creates a folder called “Freeman CrackLinks” in Favorites, and adds a number of links to hacker sites to this folder. The links are given the following names:

! CrackSpider.NET - Cracks search engine
!! TheBUGS.ws - Security Related Portal
!!! CrackPortal.com - Cracks, serial numbers.....
Astalavista - Cracks search engine ()
CrackSpider.DE - Cracks search engine
CrackWay - Since 2001 cracks arhive
KeyGen.US - Keygens, patches, crackz....
mscrack.com - Cracks, serial numbers.....
NeedCrack.us - Cracks search engine
TheCrack.us - Cracks arhive

Finally, it causes Internet Explorer to open:

http://crackspider.net/ie/first.php

The Trojan has no other payload.
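The registry changes described above can be checked for in an exported registry file. The following is an added example, not part of the original description: the function names are hypothetical, the sample export is constructed, and the input is assumed to be `.reg`-style text already decoded to a Python string (only plain string values are parsed).

```python
import re

# Indicators copied from the description above.
IOC_DOMAIN = "crackspider.net"
IOC_EXT_GUID = "{10954C80-4F0F-11d3-B17C-00C0DFE39736}"
IOC_ICON = "crcspider.ico"

# Constructed sample export. The page gives no hive for the Search and Main
# keys; HKEY_CURRENT_USER is assumed here. "Start Page" is a benign control.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{10954C80-4F0F-11d3-B17C-00C0DFE39736}]
"ButtonText"="Search cracks at CrackSpider.NET"
"Exec"="http://crackspider.net/ie/btn.php"
"Icon"="%WINDIR%\crcspider.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://crackspider.net/ie/assist.php"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://crackspider.net/ie/sbar.php"
"Start Page"="about:blank"
'''

def parse_reg(text):
    """Yield (key, value name, data) for string values in .reg-style text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]+)"\s*=\s*"(.*)"$', line)):
            yield key, m.group(1), m.group(2)

def find_favadd(text):
    """Return sorted (key, value name, reason) findings; [] means no match."""
    hits = set()
    for key, name, data in parse_reg(text):
        k, d = key.lower(), data.lower()
        if k.endswith("\\extensions\\" + IOC_EXT_GUID.lower()):
            hits.add((key, "", "extension GUID from the description"))
        if "\\internet explorer\\" in k and IOC_DOMAIN in d:
            hits.add((key, name, "data references " + IOC_DOMAIN))
        if d.endswith("\\" + IOC_ICON):
            hits.add((key, name, "icon file " + IOC_ICON))
    return sorted(hits)

if __name__ == "__main__":
    for key, name, reason in find_favadd(SAMPLE):
        print(f"{key} :: {name or '(key)'} :: {reason}")
```

A finding with an empty value name refers to the extension key itself; the Favorites folder and its links live on disk and are not covered by this check.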

©Virus-Encyclopedia.com All Rights Reserved.