Troj/Tobizan-A

Discussion in 'malware problems & news' started by Technodrome, Aug 1, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Troj/Tobizan-A is a backdoor Trojan that creates a copy of itself named kernel32.exe in the Windows system folder and adds the following registry entries to ensure that this file is run each time Windows is started:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kernel32
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\kernel32

    The Trojan allows a remote attacker to communicate with and control the compromised computer using IRC.

    source: http://www.sophos.com


    Technodrome
     
    Technodrome, Aug 1, 2002
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...