Troj/Tobizan-A

Discussion in 'malware problems & news' started by Technodrome, Aug 1, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Troj/Tobizan-A is a backdoor Trojan that creates a copy of itself named kernel32.exe in the Windows system folder and adds the following registry entries to ensure that this file is run each time Windows is started:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kernel32
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\kernel32

    The Trojan allows a remote attacker to communicate with and control the compromised computer using IRC.

    source: http://www.sophos.com


    Technodrome
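A defender's triage check for the two autorun entries described in the post above. This is an added example, not part of the original post or Sophos's description. It assumes the registry has been exported to text in `.reg` format; the function names and the sample export are constructed for illustration.

```python
import re

# Persistence keys, value name and file name as given in the post above.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
VALUE_NAME, DROPPED_FILE = "kernel32", "kernel32.exe"

# Constructed sample in .reg export text format (paths are illustrative).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"kernel32"="C:\\WINDOWS\\SYSTEM\\kernel32.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Kernel32"="C:\\WINDOWS\\SYSTEM\\kernel32.exe"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def find_tobizan_autoruns(reg_text):
    """Return (key, value name, data, reason) for autoruns matching the post."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() not in RUN_KEYS:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        # Registry value names are case-insensitive; compare lowercased.
        reasons = ["value-name"] if name.lower() == VALUE_NAME else []
        # First token after the last backslash is taken as the program file.
        target = data.split("\\")[-1].split(" ")[0].strip('"').lower()
        if target == DROPPED_FILE:
            reasons.append("target-file")
        if reasons:
            hits.append((key, name, data, "+".join(reasons)))
    return hits
```

A genuine Windows installation has `kernel32.dll` but no `kernel32.exe`, so a hit on either reason is worth following up by inspecting the file the entry points to.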
     