Virus:TR/Proxy.Wopla.W
Date discovered:07/05/2006
Type:Trojan
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
Static file:Yes
File size:40.960 Bytes
MD5 checksum:f53a5214c750dedbfb6dfe50ef3ae959
VDF version:6.34.01.45
IVDF version:6.34.01.46 - Monday, May 8, 2006

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Symantec: Trojan.Tannick.B
   •  Mcafee: Downloader-JF
   •  Kaspersky: Trojan-Proxy.Win32.Wopla.x
   •  TrendMicro: TROJ_WOPLA.V
   •  Sophos: Troj/Slogger-K
   •  VirusBuster: trojan Trojan.PR.Wopla.M
   •  Bitdefender: Trojan.Proxy.Wopla.X


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Uses its own Email engine
   • Registry modification

 Registry The following registry key is added:

– HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
   • "Placeholder_Databt"="%hex values%"

 Email It contains an integrated SMTP engine in order to send Spam emails. A direct connection with the destination server will be established. The characteristics are described in the following:


From:
Gathered addresses from the internet. Please do not assume that it was the senders intention to send this email to you. He might not know about his infection or might not even be infected at all. Furthermore it is possible that you will receive bounced emails that tell you that you are infected. This might also not be the case.


To:
– Gathered addresses from the internet.


Subject:
The following:
   • %gathered from the internet%



Body:
The body of the email is the following:
   • %gathered from the internet%



The email looks like the following:


 Mailing Gather addresses:
It gathers addresses by contacting the following website:
   • http://208.66.195.44:8080

 Backdoor Contact server:
The following:
   • http://bt.secdep.**********



Remote control capabilities:
    • Send emails

 File details Programming language:
 The malware program was written in MS Visual C++.

Description inserted by Ionut Slaveanu on Tuesday, August 1, 2006
Description updated by Ionut Slaveanu on Tuesday, August 1, 2006

Back . . . .