Troj/Sallink-A

Category:	Viruses and Spyware	Protection available since:	28 Jul 2010 22:54:06 (GMT)
Type:	Trojan	Last Updated:	28 Jul 2010 22:54:06 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Sallink-A is a Trojan for the Windows platform.

Troj/Sallink-A drops an executable file to remote network shares, typically to a random filename with a DLL or TMP extension and detected as Troj/Salload-D.

Troj/Sallink-A also drops a LNK shortcut file to the same remote location, detected as Exp/Cplink-A, that attempts to exploit CVE-2010-2568 to run the dropped executable file automatically when the folder is browsed to. The LNK file typically has a random filename, but variants have been seen using the following filenames:

  Copy of New Folder.lnk
  Copy of New File.lnk
  Copy of Shortcut.lnk
  New Shortcut.lnk
  New Folder.lnk
  Shortcut.lnk
  Drivers.lnk
  Anna Benson Sex video.lnk
  Kate Beckinsale nude pictures.lnk
  Jenna Elfman sex anal deepthroat.lnk
  Miss America Porno.lnk
  Porno Screensaver.lnk
  Serials.lnk
  Barrett Jackson nude photos.lnk
  Britney Spears XXX.lnk
  Paris Hilton XXX Archive.lnk
  XXX hardcore.lnk
  XXX.lnk
  XXX archive.lnk
  groom.lnk
  Fotograf.lnk
  Photoalbum.lnk
  My photoalbum.lnk
  Myphotos.lnk
  My photos.lnk
  My beautiful person.lnk
  beautiful.lnk
  Gallery photos.lnk
  caroline.lnk
  Katrina.lnk
  kleopatra.lnk
  Caitie.lnk
  Mary-Anne.lnk
  Lisa.lnk
  Bad girl.lnk
  Julie.lnk
  Aline.lnk
  Anna.lnk
  Barbi.lnk
  Katrina.lnk
  Juli.lnk
  Mary.lnk
  Mandy.lnk
  Sara.lnk
  rebecca.lnk
  Jammie.lnk
  kate.lnk
  Audra.lnk
  stacy.lnk
  Rena.lnk
  Kelley.lnk
  Tammy.lnk
  Picture.lnk
  My Photos.lnk
  Photoalbum.lnk

Troj/Sallink-A may also set a registry entry at the following location:

HKCU\SOFTWARE\<variant-specific string>
session

Try Sophos products for free
Download now

Troj/Sallink-A

Free Mac Anti-Virus

Popular topics