ViRobot/HAURI

Trojan.Win32.S.Agent.121344.AG
Type
Trojan Horse
Risk level / Spread level
/
Discovery date
[Korea] 0000-00-00 [Foreign] 0000-00-00
ViRobot support
2014-09-17 [Able to detect & repair]

Malicious code that spreads through spam mail (photo.exe)

Many spam emails with the title "my new photo ;) " have been found recently. If the attached file (photo.exe) is executed, it can perform bot functions by connecting to malicious servers, and it sends mail over SMTP to infect other users.

[The symptom]

It sends spam emails and induces users to open an attached file (photo.zip).

When the attached file is executed, it creates a copy in a specific folder and creates malicious files, disguised under normal filenames, in the '(user account) Application data' folder.

 

* The created malicious files are added to the Windows registry so that they run automatically after Windows reboots.

* It seems that the created files send emails using an SMTP account in order to infect other users.

* In addition, it seems to try to access a specific site in order to perform additional malicious actions, but there are currently no normal connections.

* If users become infected with this malicious code, it appears that their PC becomes overloaded by massive network connections and additional malicious behaviors.
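
A triage check for the persistence described above, as an added example that is not part of the original advisory or of ViRobot: it lists autorun registry values whose command line points into a user's Application Data folder and reports each target's signature status. The Run/RunOnce key list is an assumption, since the advisory does not name the registry location used.

```powershell
# Added example, not vendor code. The key list is an assumption: the advisory
# does not say which registry location the malware writes to.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Matches the XP-era "Application Data" folder and the later "AppData" layout.
$appDataPattern = '\\(Application Data|AppData\\(Roaming|Local|LocalLow))\\'

function Get-AutorunTarget {
    param([string]$Command)
    # Take the quoted path, or the text up to the first ".exe"
    # (covers unquoted paths that contain spaces).
    $cmd = $Command.Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.exe)\b') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        # Expand %APPDATA%-style variables before matching.
        $raw = [string]$regKey.GetValue($name)
        $command = [Environment]::ExpandEnvironmentVariables($raw)
        # Match the whole command so loader-style entries are caught too.
        if ($command -notmatch $appDataPattern) { continue }
        $target = Get-AutorunTarget -Command $command
        # Signed software also starts from AppData; signature status helps triage.
        $sig = if (Test-Path -LiteralPath $target) {
            (Get-AuthenticodeSignature -LiteralPath $target).Status
        } else { 'FileMissing' }
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $command; Signature = $sig
        }
    }
}
$findings | Sort-Object Signature, Name | Format-Table -AutoSize -Wrap
```

Entries that are unsigned, or whose file name imitates a system binary, are the ones to compare against the ViRobot scan result.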

 

 

[How to repair]

Repairable with ViRobot engine ver. 2014-09-19 or above.