Troj/Dorf-Fam

Category: Viruses and Spyware
Protection available since: 22 Jan 2007 00:00:00 (GMT)
Type: Trojan
Last updated: 22 May 2007 00:00:00 (GMT)
Prevalence:


Troj/Dorf-Fam is a family of backdoor Trojans for the Windows platform.

Members of Troj/Dorf-Fam also have functionality to download and execute files from the internet.

Several members of Troj/Dorf-Fam have been seen aggressively spammed out with politically sensitive subject lines such as:

"British Muslims Genocide"
"Sadam Hussein safe and sound!"
"Hugo Chavez dead."
"Russian missle shot down Chinese satellite"
"Venezuelan leader: "Let's the War beginning"."
"The Supreme Court has been attacked by terrorists. Sen. Mark Dayton dead!"
"Third World War just have started!"
"President of Russia Putin dead."

Other subject lines seen are as follows:

"U.S. Southwest braces for another winter blast. More then 1000 people are dead."
"Love at First Sight"
"Hand in Hand"
"Our love is torn by miles"

Troj/Dorf-Fam attempts to drop the file <System>\wincom32.sys, also detected as Troj/Dorf-Fam. This file is registered as a service with a Display Name of "wincom32", with registry entries set at the following location:

HKLM\SYSTEM\CurrentControlSet\Services\wincom32

Troj/Dorf-Fam then attempts to inject another file into services.exe. This file is also detected as Troj/Dorf-Fam, and may create the clean file <System>\peers.ini, as well as download and execute code from the internet, and provide backdoor functionality to allow access to the computer by a remote user.
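
The following host check is an added example, not part of the original Sophos description. It looks for the service key and the two files named above, and assumes that <System> is the Windows system folder (for example C:\Windows\System32).

```powershell
# Added example: triage a Windows host for the artifacts named in this description.
# Assumption: <System> in the description is the Windows system folder.
$systemDir  = [Environment]::SystemDirectory
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\wincom32'
$findings   = @()

# 1. Service registration with Display Name "wincom32".
if (Test-Path -LiteralPath $serviceKey) {
    $svc = Get-ItemProperty -LiteralPath $serviceKey
    $findings += [pscustomobject]@{
        Indicator = 'Service key'
        Weight    = 'strong'
        Location  = $serviceKey
        Detail    = "DisplayName='$($svc.DisplayName)' ImagePath='$($svc.ImagePath)'"
    }
}

# 2. Files in the system folder. peers.ini is described as a clean file,
#    so on its own it is only a weak indicator.
$files = @{ 'wincom32.sys' = 'strong'; 'peers.ini' = 'weak' }
foreach ($name in $files.Keys) {
    $path = Join-Path $systemDir $name
    # -Force also returns items carrying the hidden or system attribute.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{
            Indicator = "File $name"
            Weight    = $files[$name]
            Location  = $path
            Detail    = "Size=$($item.Length) CreatedUtc=$($item.CreationTimeUtc.ToString('u'))"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the Troj/Dorf-Fam artifacts listed in this description were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated 64-bit PowerShell session; in a 32-bit session on 64-bit Windows, file access to System32 is redirected to SysWOW64 and the files would be missed.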
