
Spammer:Win32/Hedsen


First posted on 06 February 2015.
Source: Microsoft

Aliases:

There are no other names known for Spammer:Win32/Hedsen.

Explanation:

Threat behavior

Installation

This threat can be installed on your PC by other malware. It can also be installed when you visit a malicious or compromised website.

Payload

Sends spam emails

This threat can use your PC to send spam emails from compromised email accounts. The spam emails are used to spread other malware, such as Win32/Upatre.

We have seen it connect to the following remote hosts through HTTP to retrieve configuration information:

  • 188.165.204.205
  • 188.165.231.8
  • 69.64.59.222
  • 94.23.49.77


The configuration information includes instructions for sending spam emails, including the details of previously stolen email account user names and passwords. The malware logs on to the stolen accounts and sends spam emails that spread Win32/Upatre.
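
For triage, the sequence described above (a connection to one of the listed configuration hosts followed by outbound mail) can be looked for in network flow logs. The Python below is an added example, not part of the original Microsoft write-up; the log format, the mail ports, the one-hour window and the three-destination threshold are assumptions, and the flow records are constructed.

```python
from datetime import datetime, timedelta

# Configuration hosts listed in the write-up above.
CONFIG_HOSTS = {"188.165.204.205", "188.165.231.8", "69.64.59.222", "94.23.49.77"}
MAIL_PORTS = {25, 465, 587}       # assumption: spam leaves over SMTP/submission ports
WINDOW = timedelta(hours=1)       # assumption: correlation window after the fetch
MIN_MAIL_DESTS = 3                # assumption: distinct mail servers that suggest a burst

# Constructed flow records, one per line: "timestamp src dst dport"
SAMPLE_FLOWS = """\
2015-02-06T09:00:05 10.0.0.21 188.165.231.8 80
2015-02-06T09:01:10 10.0.0.21 203.0.113.10 587
2015-02-06T09:01:40 10.0.0.21 203.0.113.25 465
2015-02-06T09:02:15 10.0.0.21 198.51.100.7 25
2015-02-06T09:03:00 10.0.0.34 94.23.49.77 80
2015-02-06T09:05:00 10.0.0.50 198.51.100.7 587
2015-02-06T11:30:00 10.0.0.34 198.51.100.7 587
"""

def parse(text):
    """Yield (timestamp, src, dst, dport) tuples from whitespace-separated records."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(dport)

def triage(text):
    """Return {src: verdict} for every host that contacted a listed config host."""
    first_contact = {}   # src -> time of first connection to a config host
    mail_dests = {}      # src -> distinct mail destinations seen inside WINDOW
    for ts, src, dst, dport in sorted(parse(text)):
        if dst in CONFIG_HOSTS:
            first_contact.setdefault(src, ts)
        elif dport in MAIL_PORTS and src in first_contact:
            if ts - first_contact[src] <= WINDOW:
                mail_dests.setdefault(src, set()).add(dst)
    return {
        src: "config-fetch+mail-burst"
        if len(mail_dests.get(src, ())) >= MIN_MAIL_DESTS
        else "config-fetch-only"
        for src in first_contact
    }

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_FLOWS).items()):
        print(host, verdict)
```

Hosts that only talk to a mail server, such as 10.0.0.50 in the sample, are not reported; a host with a configuration fetch but no mail burst is still reported so it can be checked with security software.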



Analysis by Patrick Estavillo

Symptoms

Alerts from your security software might be the only symptom.

Last update 06 February 2015

 
