Troj/Zasil-A

Discussion in 'malware problems & news' started by Technodrome, Nov 5, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome, Security Expert (Joined: Feb 13, 2002; Posts: 2,140; Location: New York)

    Troj/Zasil-A creates and executes the file registry.exe in the Windows folder and then displays a pornographic JPG image.

    The file registry.exe creates the following registry entry, which starts registry.exe when Windows starts up:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Registry Services

    Each time registry.exe is executed the Trojan will attempt to download a text file from the internet that contains links to scripts that access pages from lists of website addresses contained in the scripts. The Trojan may also access a spyware script that reports the IP address being used by the active Trojan.

    Troj/Zasil-A leaves multiple copies of the dropped executable and the JPG file in the Windows Temp folder.

    The JPG graphic is of a naked middle-aged blonde woman sitting on a table and advertises a pornographic website.

    http://www.sophos.com



    Technodrome
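
One way to check a machine for the autorun entry described in the post above, as an added example that is not part of the original post or of the Sophos description. It assumes a regedit-style text export of the registry, a Windows folder of `C:\WINDOWS`, and that the value's data is the path to `registry.exe`; the function names and the sample export are constructed for illustration.

```python
import ntpath
import re

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
IOC_VALUE_NAME = "registry services"  # value name given in the post
IOC_IMAGE = "registry.exe"            # dropped file name given in the post
# Constructed sample: regedit-style text export (not taken from a real host).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Registry Services"="C:\\WINDOWS\\registry.exe"
"Backup"="\"C:\\Program Files\\Tools\\registry.exe\" /quiet"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Registry Services"="C:\\WINDOWS\\registry.exe"
'''
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def image_path(command):
    """Return the executable part of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]

def find_zasil_autoruns(export_text, windows_dir=r"C:\WINDOWS"):
    """List (name, image, reasons) for Run values matching the post's indicators."""
    hits, in_run_key = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("["):  # key header: only the HKLM Run key is in scope
            in_run_key = line.strip("[]").lower() == RUN_KEY
            continue
        match = VALUE_RE.match(line) if in_run_key else None
        if not match:
            continue
        # Undo .reg escaping of backslashes and quotes in the name and data.
        name, command = (re.sub(r"\\(.)", r"\1", g) for g in match.groups())
        image = image_path(command)
        reasons = []
        if name.lower() == IOC_VALUE_NAME:
            reasons.append("value name")
        if (ntpath.basename(image).lower() == IOC_IMAGE and
                ntpath.normcase(ntpath.dirname(image)) == ntpath.normcase(windows_dir)):
            reasons.append("image path")
        if reasons:
            hits.append((name, image, reasons))
    return hits
```

A file named `registry.exe` outside the Windows folder (the constructed "Backup" entry) and the same value under a different key (RunOnce) are deliberately not reported, since the post names only the Run key and the Windows folder.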
     