Virus:TR/Agent.40960.177
Date discovered:09/08/2010
Type:Trojan
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:40.960 Bytes
MD5 checksum:aea8d7c82c5f432a005c80a9ede32029
IVDF version:7.10.10.125 - Monday, August 9, 2010

 General Aliases:
   •  Kaspersky: Trojan.Win32.Siscos.acx
   •  F-Secure: Trojan.Win32.Siscos.acx
   •  Sophos: Troj/Siscos-A


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification
   • Steals information

 Files It copies itself to the following location:
   • %WINDIR%\services.exe

 Registry –  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Adobe Update Service"="%WINDIR%\services.exe"

 Messenger It is spreading via Messenger. The characteristics are described below:

– Windows Live Messenger

 IRC – Furthermore it has the ability to perform the following action:
    • connect to IRC server

 Backdoor Contact server:
The following:
   • zk.imageshak.biz:4507


 Miscellaneous  Checks for an internet connection by contacting the following web site:
   • http://cachefly.cachefly.net/1mb.test

 File details Programming language:
 The malware program was written in MS Visual C++.

Description inserted by Irina Diaconescu on donderdag 28 oktober 2010
Description updated by Irina Diaconescu on woensdag 3 november 2010

Terug . . . .

© 2013 Avira Operations GmbH & Co. KG. Alle rechten voorbehouden.

Mijn Account

https:// Dit venster is voor uw veiligheid gecodeerd.