PE_VIRUX.F-1
Overview

Virus type: File infector

Aliases: Virus.Win32.Virut.ce (Kaspersky), New Win32.g4 !! (McAfee), W32.Virut.CF (Symantec), W32/Virut.Gen (Avira), W32/Scribble-B (Sophos)

Infection reports: None

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

Distribution potential:


Description:

This file infector may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.

This file infector creates and maps a section in memory, copies part of its code into it, and then jumps to that code. It creates a remote thread to execute its backdoor routine and to disable Windows File Protection.

This file infector connects to IRC servers and joins a certain channel to receive and execute commands on the affected system.

This file infector reads a URL to download files detected as TROJ_DROPPER.JHD. It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.

It hooks the following APIs so that when these APIs are called, the code which infects files is executed. Infected files are detected as PE_VIRUX.F-1.

It also infects script files, first checking the target script file's extension name. Infected script files are detected as HTML_IFRAME.APX. However, it does not infect files that contain certain strings in their file names or that have certain characteristics.

It returns execution to the host file's original code after execution. This file infector modifies the system's HOSTS file by inserting a string at the beginning of the file.


Date published: 2009/04/08

