OTHER MALWARES Part 10

Published by SSTA



-Trojan Downloader Small.dam: P1/P2








-Trojan Obfuscated.ev: P1/P2










-Trojan Spy Lmir.bgk: P1/P2










-Trojan Spy Mara.bo: P1/P2










-Trojan Spy Small.bs: P1/P2









Here again, system process naming is used: svchost is a generic host process associated with many services (those who are not afraid of the French language [1] can take a look at SVCHOST Informations, which is designed to list svchost services).
A simple way to distinguish the legitimate svchost.exe from a malicious process disguised as svchost.exe is to open the Task Manager and look at the user name: all system processes are displayed under the System account/privileges, and all others under an administrator/user account/privileges.

The "intruder" :




The legitimate:




For power/advanced/experienced users, there is Microsoft's FCIV utility, and for normal users we can also mention "sigverif.exe" (Run-Execute) and Programchecker, which is free (personal edition).
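The user-name check described above, scripted in PowerShell as an added example (not part of the original post). It goes slightly beyond the text by also checking the image path and by reporting the signature status and a hash for each instance; the account-name list and the SHA-256 choice are assumptions of this example.

```powershell
# Added example: audit every running svchost.exe by owner, image path, signature and hash.
# Run elevated; otherwise owner and path of system processes may come back empty.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Assumption: English account names. Localized Windows shows translated names.
$systemAccounts = 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE'

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path    = $_.ExecutablePath
    $owner   = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
    $reasons = @()

    # Check 1: the image must be the one in System32 (-ne ignores case on strings).
    if (-not $path) {
        $reasons += 'path unreadable'
    } elseif ($path -ne $expected) {
        $reasons += 'image outside System32'
    }

    # Check 2: the user-name test from the text, with the two service accounts added.
    # Recent Windows versions also host per-user services in svchost.exe under the
    # logged-on user, so an owner mismatch with a correct path is a lead, not a verdict.
    if (-not $owner -or $owner.ReturnValue -ne 0) {
        $reasons += 'owner unreadable'
    } elseif ($systemAccounts -notcontains $owner.User) {
        $reasons += "runs as $($owner.Domain)\$($owner.User)"
    }

    # Informational: signature status (what sigverif looks at) and a hash to compare
    # against a known-good copy (what FCIV is used for).
    $sig = $null; $hash = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }

    [pscustomobject]@{
        PID       = $_.ProcessId
        Owner     = if ($owner -and $owner.ReturnValue -eq 0) { $owner.User } else { $null }
        Path      = $path
        Signature = $sig
        SHA256    = $hash
        Verdict   = if ($reasons) { 'REVIEW: ' + ($reasons -join '; ') } else { 'ok' }
    }
} | Format-Table -AutoSize -Wrap
```

On older PowerShell versions, catalog-signed system files can be reported as NotSigned, which is why the signature column is informational here rather than part of the verdict.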

-Trojan Agent.dt: P1/P2











-Trojan Start Page.ama: P1/P2










-Wxhshell backdoor: P1/P2












As displayed, this test was done on a host that was not particularly hardened:





-Backdoor Arape.a: F1/P2




F1: we did not use a Run key when configuring the server (server editor), and the backdoor just tries to open a connection:





-Backdoor Agent.po: P1/P2






-Backdoor Gobot.y: F1/P2



Fake system error message box:


But the first goal of a backdoor is to look outside:







-DSKlite trojan: P1/P2







We build the server file, which we rename "HotGirl" (three examples for adults only here: enter the "wash" command, enjoy, and come back here please or... we'll phone your mum...).










1. Tony Blair is not afraid of the French accent...


















Published in KASPERSKY 6 TEST
