Troj/Cosiam-C is a proxy Trojan with backdoor capabilities.
Troj/Cosiam-C will contact a remote location in order to report details of the infected computer, including the port that the Trojan is listening on, the computer's IP and operating system. The Trojan may then download configuration data.
Troj/Cosiam-C is capable of downloading and running further executable files.
When first run, Troj/Cosiam-C will copy itself to the Windows system folder as outpostupdate.exe. In order to run automatically each time a user logs in, Troj/Cosiam-C will set the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
outpostupdate
<Windows system folder>\outpostupdate.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
outpostupdate
<Windows system folder>\outpostupdate.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
outpostupdate
<Windows system folder>\outpostupdate.exe
Troj/Cosiam-C creates the following registry entry:
HKLM\SOFTWARE\Microsoft\ATI_VER
The Trojan is capable of performing Denial of Service (DoS) attacks on remote computers.