Active key trojan

Emails with the following subjects carry a trojan in the attached file active_key.zip. Depending on the antivirus engine, it is detected as Trojan.Downloader-58166, W32.SillyDC or Worm.Win32.AutoRun.rwo. It is detected by 12 of the 36 antivirus engines at VirusTotal.

The Activation Keys
Recovery KEYS for your account 

Content:

Hello,

As you requested your account was held up. You can activate it any time with the help of the keys (they are in Word file) added to this letter.

Feel free to address to our offices in your place to get all your questions answered.

VirusTotal permalink and MD5: 04cae49dfbfbfdcd1af74015c1003bb5.

The trojan installs a default debugger that is injected into the execution sequence of a target application. A threat installed as a default debugger runs every time someone attempts to launch the target application, either to mimic it and hide its own presence (e.g. an open port or a running process), or simply to be activated as often as possible.

The following file is created: %ProgramFiles%\Microsoft Common\wuauclt.exe. Some Windows registry changes are made, the host name www.microsoft.com is requested from the host database, and connections can be made to the following hosts:

http://*****.ru/ld.php?v=1&rs=13441600&n=1&uid=1

http://*****.ru/ld.php?v=1&rs=13441600&n=1&uid=1.
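A defensive check for the default-debugger persistence described above, added here as an example and not taken from the original post. It assumes the mechanism is the `Debugger` value under the Windows Image File Execution Options (IFEO) registry key, which the post does not name; `Get-IfeoDebugger` and its parameter names are made up for this example.

```powershell
# Added example: list IFEO "Debugger" values (assumed to be the default-debugger mechanism)
# and flag any that point at the file the write-up reports being created.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# A 32-bit process on 64-bit Windows resolves %ProgramFiles% to "Program Files (x86)",
# so both possible locations of the reported file are checked.
$dropCandidates = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique |
    ForEach-Object { Join-Path $_ 'Microsoft Common\wuauclt.exe' }

function Get-IfeoDebugger {
    param([string[]]$Roots = $ifeoRoots, [string[]]$Suspect = $dropCandidates)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $raw = $key.GetValue('Debugger')
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }
            # Expand %VAR% references so the comparison sees the real path.
            $expanded = [Environment]::ExpandEnvironmentVariables([string]$raw)
            $hit = $false
            foreach ($path in $Suspect) {
                if ($expanded.IndexOf($path, [StringComparison]::OrdinalIgnoreCase) -ge 0) { $hit = $true }
            }
            [pscustomobject]@{
                TargetImage  = $key.PSChildName   # executable whose launch is redirected
                Debugger     = $raw               # program that runs instead
                PointsAtDrop = $hit
                RegistryKey  = $key.Name
            }
        }
    }
}

# Every Debugger value found is worth reviewing, flagged or not.
Get-IfeoDebugger | Sort-Object PointsAtDrop -Descending | Format-Table -AutoSize -Wrap | Out-Host

# Report the reported file if present, with its MD5 so it can be looked up.
foreach ($path in $dropCandidates) {
    if (Test-Path -LiteralPath $path) {
        Get-FileHash -LiteralPath $path -Algorithm MD5 | Select-Object Path, Hash
    }
}
```

The genuine Windows Update client named wuauclt.exe lives under the System32 directory, so a copy under `Microsoft Common` is worth investigating even when no `Debugger` value points at it.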
