Alcobot.A

Discussion in 'NOD32 version 2 Forum' started by Beng, Jan 24, 2004.

Thread Status:
Not open for further replies.
  1. Beng

    Beng Guest

    G'day Guys,
    Recently a client was infected by this trojan.
    We initially detected it manually and sent the offending file to a few AV companies, Eset included.
    The response was quite prompt from Eset, for which we are grateful. :D However the response was only to update the definitions to detect it as Alcobot.A.
    The issue we have is that this trojan did infect a client site. Whilst we removed the executables etc, and also ran the trojan in a virtual environment to see if it had any unforeseen effects, we are not specifically Antivirus specialists.
    The best we can tell is it modified the registry to launch at boot, dropped a copy in the Windows directory and replaced the wmplayer.exe file. It then launched a SYN DoS attack at another IP.
    It didn't seem to try and self replicate at all.
    Has anyone else seen this trojan, and/or know if it has an alias? :doubt:

    Regards, Ben.
     
  2. Paul Wilders

    Paul Wilders Administrator

    Hi Ben,

    Unfortunately, I don't have any specs for you. All I can say is this one has been added to the KAV/AVP database on January 15th 2004 as "backdoor.Alcobot" - no description available either as far as I know.

    regards.

    paul
     
  3. Beng

    Beng Guest

    G'day Paul,
    Thanks for the reply, it seems that no-one else has any answers either....
    Oh well, I hope for my client's sake that it was benign...

    Cheers Ben.
     