
BitDefender weekly review


Once run on a system, the Trojan creates copies of itself, named reader_s.exe, in the %SYSTEMROOT%\System32 and %HOMEPATH%\%USERNAME% folders. It also adds itself to the list of programs executed at each Windows startup and deploys additional components that give a remote attacker access to the infected machine.
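The indicators above can be checked by hand. The PowerShell triage script below is an added example, not BitDefender's tool or a removal utility: it looks for reader_s.exe at the two drop locations the write-up names, for an autostart entry referencing that file name, and for a running copy. The write-up does not say which startup mechanism the Trojan uses, so treating "programs executed at each Windows startup" as the Run/RunOnce registry keys plus the per-user and all-users Startup folders is an assumption; %HOMEDRIVE% is prepended to %HOMEPATH% only because %HOMEPATH% carries no drive letter.

```powershell
# Added triage check for the Trojan.Cutwail.Z indicators described in the
# write-up: reader_s.exe dropped into %SYSTEMROOT%\System32 and
# %HOMEPATH%\%USERNAME%, plus an autostart entry. Not BitDefender's tool.
# Assumption: "programs executed at each Windows startup" is taken to mean the
# Run/RunOnce registry keys and the per-user and all-users Startup folders.
function Find-CutwailIndicators {
    $dropName = 'reader_s.exe'
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. Dropped copies at the locations the write-up names. %HOMEPATH% carries
    #    no drive letter, so %HOMEDRIVE% is prepended to get an absolute path.
    $dropPaths = @(
        '%SYSTEMROOT%\System32\reader_s.exe',
        '%HOMEDRIVE%%HOMEPATH%\%USERNAME%\reader_s.exe'
    ) | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) }

    foreach ($p in $dropPaths) {
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            $findings.Add([pscustomobject]@{ Type = 'DroppedFile'; Location = $p; Detail = "SHA256 $hash" })
        }
    }

    # 2. Autostart values in the Run/RunOnce keys (native and WOW64 views)
    #    whose command line references the dropped file name.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # PSPath, PSParentPath etc. are not registry values
            if ("$($prop.Value)" -match [regex]::Escape($dropName)) {
                $findings.Add([pscustomobject]@{ Type = 'RunKey'; Location = "$key\$($prop.Name)"; Detail = $prop.Value })
            }
        }
    }

    # 3. Startup folders: the file itself, or a shortcut whose target is it.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in @('Startup', 'CommonStartup')) {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($item in Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue) {
            $target = if ($item.Extension -ieq '.lnk') { $shell.CreateShortcut($item.FullName).TargetPath } else { $item.FullName }
            if ($target -match [regex]::Escape($dropName)) {
                $findings.Add([pscustomobject]@{ Type = 'StartupFolder'; Location = $item.FullName; Detail = $target })
            }
        }
    }

    # 4. A running copy of the dropped file.
    foreach ($proc in Get-Process -Name 'reader_s' -ErrorAction SilentlyContinue) {
        $findings.Add([pscustomobject]@{ Type = 'Process'; Location = "PID $($proc.Id)"; Detail = $proc.Path })
    }

    return $findings
}

$results = @(Find-CutwailIndicators)
if ($results.Count -eq 0) {
    Write-Output 'No Trojan.Cutwail.Z indicators found; scan with an updated antimalware solution anyway.'
} else {
    $results | Format-Table -Property Type, Location, Detail -AutoSize
}
```

Run it from an elevated PowerShell so the HKLM keys and System32 are readable. A clean result only means the indicators named in this write-up are absent: later Cutwail variants change file names and autostart locations, so the check complements, and does not replace, the full scan the article recommends.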

The backdoor component in Trojan.Cutwail.Z also lets the Trojan be upgraded automatically by its “master” from a remote location over the Internet. The Cutwail family is extremely prolific, and each new variant adds features.

The Cutwail family, also known as Pushdo, runs one of the largest active botnets. The number of “zombified” systems is impressive. They are used primarily for sending spam, but Cutwail does more than that: other variants of the Trojan download third-party malicious files and install them on the already-infected machine.

Because Cutwail infections are extremely difficult to spot (the only visible symptom is increased Internet activity), you are advised to scan your system regularly with a freshly updated antimalware solution.

Information in this article is available courtesy of BitDefender virus researcher Marius Vanta.

About The Author

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.


© 2012 Powered By Bitdefender
