Date Discovered: 10/9/2003
Date Added: 4/1/2004
SubType: Remote Access
There are multiple variants of this remote access trojan. For optimal detection, the latest engine/DATs combination should be used, and the scanning of compressed files enabled (default option).
At the time of writing, a spam run distributing a downloader trojan (detected as Downloader-IU) has been observed. The downloader is configured to download and install a variant of this remote access trojan. (Some components installed by this variant are detected with the 4346 DATs. Full detection and cleaning will be available in the 4347 DATs.)
Exact details (registry key names, filenames, etc.) vary between variants, but the following general characteristics apply to this family:
serves as a HTTP proxy on the victim machine
serves as a SOCKS proxy on the victim machine
notification of infection is sent to the hacker (via HTTP)
certain passwords are harvested from the victim machine and emailed to the hacker (the trojan contains its own SMTP engine to construct the message). These include MAPI, system and POP3 passwords.
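Two of the characteristics above leave footprints in ordinary connection logs: a workstation that starts accepting connections from its peers and relaying them outward (the HTTP/SOCKS proxy role), and a workstation that talks SMTP directly to outside mail servers instead of through the site relay (the trojan's own SMTP engine). The script below is an added example, not code from the advisory or its vendor; it runs two simple heuristics over constructed firewall log lines. The relay address, approved proxy, internal address range and every log line are assumptions made up for the illustration.

```python
"""
Added example (not part of the original advisory): heuristic review of
constructed connection-log lines for two behaviours the advisory lists,
an internal host acting as an HTTP/SOCKS proxy for its peers, and an
internal host sending mail directly with its own SMTP engine rather
than via the site relay. All hosts, ports and log lines are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed site policy (assumptions): the only host allowed to send
# mail to the outside, and the hosts allowed to accept proxy traffic.
MAIL_RELAY = "10.0.0.25"
APPROVED_PROXIES = {"10.0.0.8"}

# Constructed firewall log, one accepted TCP connection per line:
#   <timestamp> <src ip>:<src port> -> <dst ip>:<dst port> <proto>
SAMPLE_LOG = """\
2004-04-01T09:00:01 10.0.1.15:3310 -> 10.0.0.25:25 tcp
2004-04-01T09:00:05 10.0.1.42:3002 -> 198.51.100.7:25 tcp
2004-04-01T09:00:06 10.0.1.42:3003 -> 203.0.113.9:25 tcp
2004-04-01T09:01:10 10.0.1.77:1054 -> 10.0.1.42:1080 tcp
2004-04-01T09:01:11 10.0.1.78:1055 -> 10.0.1.42:1080 tcp
2004-04-01T09:01:12 10.0.1.42:3011 -> 198.51.100.20:80 tcp
2004-04-01T09:01:13 10.0.1.42:3012 -> 198.51.100.21:80 tcp
2004-04-01T09:02:00 10.0.1.15:3320 -> 10.0.0.8:8080 tcp
"""


@dataclass(frozen=True)
class Connection:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str


def parse_log(text):
    """Parse the constructed log format into Connection records."""
    conns = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, _arrow, dst, proto = line.split()
        src_ip, sport = src.rsplit(":", 1)
        dst_ip, dport = dst.rsplit(":", 1)
        conns.append(Connection(ts, src_ip, int(sport), dst_ip, int(dport), proto))
    return conns


def is_internal(ip):
    """Assumed internal address range for the constructed site."""
    return ip.startswith("10.")


def find_direct_smtp(conns):
    """Internal hosts (other than the relay) speaking SMTP to non-relay hosts.

    Returns {source host: set of SMTP destinations}.
    """
    hits = defaultdict(set)
    for c in conns:
        if (c.proto == "tcp" and c.dport == 25 and is_internal(c.src)
                and c.src != MAIL_RELAY and c.dst != MAIL_RELAY):
            hits[c.src].add(c.dst)
    return dict(hits)


def find_proxy_candidates(conns, min_clients=2):
    """Internal hosts that accept connections from several peers on one port
    and also open outbound web connections themselves: the pattern a
    workstation shows when it relays HTTP/SOCKS traffic for others.

    Returns {host: {"listen_port", "clients", "web_destinations"}}.
    """
    inbound = defaultdict(lambda: defaultdict(set))  # host -> port -> peers
    outbound_web = defaultdict(set)                   # host -> external sites
    for c in conns:
        if c.proto != "tcp":
            continue
        if is_internal(c.src) and is_internal(c.dst):
            inbound[c.dst][c.dport].add(c.src)
        elif is_internal(c.src) and c.dport in (80, 443):
            outbound_web[c.src].add(c.dst)
    findings = {}
    for host, ports in inbound.items():
        if host in APPROVED_PROXIES or not outbound_web.get(host):
            continue
        for port, peers in ports.items():
            if len(peers) >= min_clients:
                findings[host] = {"listen_port": port, "clients": len(peers),
                                  "web_destinations": len(outbound_web[host])}
    return findings


if __name__ == "__main__":
    conns = parse_log(SAMPLE_LOG)
    for host, dests in find_direct_smtp(conns).items():
        print(f"direct SMTP from {host} to {sorted(dests)}")
    for host, info in find_proxy_candidates(conns).items():
        print(f"proxy-like behaviour on {host}: {info}")
```

On the constructed log, 10.0.1.42 is reported by both heuristics: it sends mail straight to two outside servers, and it accepts connections from two peers on port 1080 while itself fetching external web pages, whereas 10.0.1.15 (mail via the relay, web via the approved proxy) and the relay itself stay quiet. Both checks are deliberately coarse: a legitimate internal web server with an outbound feed, or a mail-enabled application server, would also be reported, so the output is a triage list to be cross-checked against the host inventory rather than a verdict.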