
Trojan.Vundo

Date: 07/01/2008
Author: Mihai Razvan Benchea

The Vundo trojan is usually a DLL with a random name located in the system32 directory. The file name is usually 5 to 7 characters long (depending on the version).

The trojan usually consists of 6 threads: Main thread, Protection thread, Registry thread, File thread, IEEvents thread, and Stop and Recover thread. It can write information about each of these threads to a log file (even though most versions don't do that). Trojan.Vundo performs different actions depending on the process in which it runs: if it runs from lsass.exe or winlogon.exe, it starts the protection mutex; if it runs from Internet Explorer, it starts the IEEvents thread.

The trojan usually shows popups (about 100 per day) telling users that they are infected and asking them to download rogue antispyware programs such as SysProtect, Storage Protect and WinFixer.
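A triage sketch built on the indicators in this description (an added example, not part of the original write-up): it flags system32 DLLs whose base name is 5 to 7 characters long and absent from a known-good baseline when they are loaded in the host processes named above. The module listing, the baseline and the name `qomkhgf.dll` are constructed, and mapping Internet Explorer to `iexplore.exe` is this example's assumption.

```python
from pathlib import PureWindowsPath

# Host processes named in the description, with what the trojan starts there.
HOSTS = {
    "lsass.exe": "protection mutex",
    "winlogon.exe": "protection mutex",
    "iexplore.exe": "IEEvents thread",  # assumed image name for Internet Explorer
}

def is_candidate(path, baseline):
    """True for a system32 DLL with a 5-7 character base name not in the baseline."""
    p = PureWindowsPath(path)
    return (
        p.suffix.lower() == ".dll"
        and p.parent.name.lower() == "system32"
        and 5 <= len(p.stem) <= 7
        and p.name.lower() not in baseline
    )

def triage(modules, baseline):
    """modules: iterable of (process_name, module_path) pairs from a module listing."""
    known = {name.lower() for name in baseline}
    findings = set()
    for proc, path in modules:
        role = HOSTS.get(proc.lower())
        if role and is_candidate(path, known):
            findings.add((proc.lower(), PureWindowsPath(path).name.lower(), role))
    return sorted(findings)

# Constructed sample data: a tiny known-good baseline and a loaded-module listing.
BASELINE = {"ntdll.dll", "user32.dll", "gdi32.dll", "shell32.dll", "msvcrt.dll"}
MODULES = [
    ("winlogon.exe", r"C:\WINDOWS\system32\ntdll.dll"),      # short name, but known
    ("winlogon.exe", r"C:\WINDOWS\system32\qomkhgf.dll"),    # 7 chars, unknown
    ("lsass.exe", r"C:\WINDOWS\System32\QOMKHGF.DLL"),       # case must not matter
    ("iexplore.exe", r"C:\WINDOWS\system32\qomkhgf.dll"),
    ("iexplore.exe", r"C:\Program Files\Internet Explorer\ieproxy.dll"),  # not system32
    ("explorer.exe", r"C:\WINDOWS\system32\qomkhgf.dll"),    # host not in the description
    ("iexplore.exe", r"C:\WINDOWS\system32\kernel32.dll"),   # 8 chars, out of range
]

if __name__ == "__main__":
    for proc, dll, role in triage(MODULES, BASELINE):
        print(f"{proc}: {dll} (description: starts the {role} here)")
```

A hit is a lead for further inspection rather than a verdict, since many legitimate system DLLs also have short names; the baseline is what keeps those out of the results.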