
Trojan:Win32/Sirefef.M


First posted on 30 August 2010.
Source: SecurityHome

Aliases :

Trojan:Win32/Sirefef.M is also known as Win32/Sirefef.BH (ESET), Mal/FakeAV-EA (Sophos), Trojan.Win32.Generic.pak!cobra (Sunbelt Software), TROJ_BURNIX.SMEP (Trend Micro).

Explanation :

Trojan:Win32/Sirefef.M is a detection for a highly obfuscated trojan that is capable of downloading and installing a fake security scanner, Rogue:Win32/Sirefef, onto the system.

Installation :

In the wild, Trojan:Win32/Sirefef.M has been observed being downloaded onto the computer by Trojan:Win32/Oficla.V, using the file name "Akapulko.exe". For information on the files and registry entries Win32/Sirefef.M creates, please refer to the Rogue:Win32/Sirefef description.

Payload :

Downloads and executes arbitrary files

Trojan:Win32/Sirefef.M contacts a specific IP address on port 8082 and downloads a resource-only DLL, detected as Rogue:Win32/Sirefef, that contains the interface and controls used to display the fake security scanner. For more details about the payload of this rogue, please refer to the Rogue:Win32/Sirefef description.
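The two host-observable indicators in this description are the dropped file name "Akapulko.exe" and an outbound TCP connection to port 8082 that is followed by a DLL load. The following hunt script is an added example and is not part of the Microsoft description or any Microsoft tooling. It correlates Sysmon-style process-create, network-connect and image-load records per process and grades the result: the name plus the port together rate high, either alone rates lower, because port 8082 by itself is an ordinary port that legitimate software also uses. The JSON event shape, the process GUIDs, the file paths and the RFC 5737 test addresses in the sample log are constructed for the example; the description gives no C2 IP address, so the rule deliberately does not key on one.

```python
"""Hunt for the Sirefef.M download chain in Sysmon-like event logs.

Added example, not code from the malware description. Event shape
(EventID 1 = process create, 3 = network connect, 7 = image load) and
all sample records are constructed; only the file name Akapulko.exe and
port 8082 come from the description.
"""
import json
from collections import defaultdict

DROPPED_NAME = "akapulko.exe"  # file name from the description (compared case-insensitively)
C2_PORT = 8082                 # destination port from the description

# Constructed sample log, one JSON object per line. Paths, GUIDs and the
# 198.51.100.0/24, 203.0.113.0/24 and 192.0.2.0/24 addresses are test data.
SAMPLE_LOG = r"""
{"EventID":1,"ProcessGuid":"{A}","Image":"C:\\Users\\u\\AppData\\Local\\Temp\\Akapulko.exe","ParentImage":"C:\\Users\\u\\AppData\\Local\\Temp\\dropper.exe","UtcTime":"2010-08-30 10:00:01"}
{"EventID":3,"ProcessGuid":"{A}","Image":"C:\\Users\\u\\AppData\\Local\\Temp\\Akapulko.exe","DestinationIp":"198.51.100.23","DestinationPort":8082,"Protocol":"tcp","UtcTime":"2010-08-30 10:00:04"}
{"EventID":7,"ProcessGuid":"{A}","Image":"C:\\Users\\u\\AppData\\Local\\Temp\\Akapulko.exe","ImageLoaded":"C:\\Users\\u\\AppData\\Local\\Temp\\ui.dll","Signed":"false","UtcTime":"2010-08-30 10:00:06"}
{"EventID":1,"ProcessGuid":"{B}","Image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","ParentImage":"C:\\Windows\\explorer.exe","UtcTime":"2010-08-30 10:01:00"}
{"EventID":3,"ProcessGuid":"{B}","Image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","DestinationIp":"203.0.113.9","DestinationPort":443,"Protocol":"tcp","UtcTime":"2010-08-30 10:01:02"}
{"EventID":3,"ProcessGuid":"{C}","Image":"C:\\Windows\\System32\\svchost.exe","DestinationIp":"192.0.2.77","DestinationPort":8082,"Protocol":"tcp","UtcTime":"2010-08-30 10:02:00"}
"""


def parse_events(text):
    """Parse one JSON event per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def basename(path):
    """Lower-cased final path component, accepting either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def hunt(events):
    """Group events by process and return one finding per suspicious process.

    Severity:
      high   - process named Akapulko.exe connected to tcp/8082
      medium - Akapulko.exe seen without the connection, or any process that
               connected to tcp/8082 and then loaded an unsigned DLL
      low    - a tcp/8082 connection with nothing else (weak; review only)
    """
    by_proc = defaultdict(list)
    for e in events:
        by_proc[e["ProcessGuid"]].append(e)

    findings = []
    for guid, evs in by_proc.items():
        evs.sort(key=lambda e: e["UtcTime"])  # timestamps are sortable as strings
        image = basename(evs[0]["Image"])
        named = image == DROPPED_NAME
        reasons = []
        if named:
            reasons.append("image name matches dropped file Akapulko.exe")

        conns = [e for e in evs if e["EventID"] == 3
                 and e.get("Protocol") == "tcp"
                 and e.get("DestinationPort") == C2_PORT]
        loads = []
        if conns:
            ips = sorted({c["DestinationIp"] for c in conns})
            reasons.append("outbound tcp/%d to %s" % (C2_PORT, ", ".join(ips)))
            first_conn = conns[0]["UtcTime"]
            # The description says the DLL is fetched over that connection, so
            # only loads that happen after the first connection count.
            loads = [e for e in evs if e["EventID"] == 7
                     and e.get("Signed") == "false"
                     and e["UtcTime"] > first_conn]
            if loads:
                reasons.append("unsigned DLL loaded after the connection: "
                               + ", ".join(basename(l["ImageLoaded"]) for l in loads))

        if named and conns:
            severity = "high"
        elif named or loads:
            severity = "medium"
        elif conns:
            severity = "low"
        else:
            continue
        findings.append({"guid": guid, "image": image,
                         "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt(parse_events(SAMPLE_LOG)):
        print("%-6s %s (%s)" % (f["severity"], f["image"], f["guid"]))
        for r in f["reasons"]:
            print("       - " + r)
```

On the sample log the Akapulko.exe process is reported as high with all three reasons, firefox.exe produces nothing, and the svchost.exe connection to port 8082 is reported as low because nothing else about it matches; in a real deployment that low tier is what you would review before adding the port to a block rule.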

Analysis by Amir Fouda

Last update 30 August 2010

