Subscribe0 0
This Trojan program makes it possible to use the victim machine as a mail proxy server. It runs under Windows, and is approximately 19KB in size. It uses I.Worm.Bagle.l to install itself on the system.
The Trojan is not able to launch itself, but uses the Bagle.l library to do this.
It attempts to establish a connection to a number of remote servers in order to communicate information about the victim machine (IP-address etc.)
The Trojan opens port 11117 and installs itself as a mail proxy server. Once this has been done, the victim machine can be used as a spamming platform.
OtherThe Trojan searches for, and attempts to terminate the following processes:
ATUPDATER.EXE AVWUPD32.EXE AVPUPD.EXE LUALL.EXE DRWEBUPW.EXE ICSSUPPNT.EXE ICSUPP95.EXE UPDATE.EXE NUPGRADE.EXE ATUPDATER.EXE AUPDATE.EXE AUTODOWN.EXE AUTOTRACE.EXE AUTOUPDATE.EXE AVXQUAR.EXE CFIAUDIT.EXE MCUPDATE.EXE NUPGRADE.EXE OUTPOST.EXE AVLTMAIN.EXE
Hot Articles