Home / malware Trojan:Win32/Brolocker.A
First posted on 11 June 2010.
Source: SecurityHomeAliases :
Trojan:Win32/Brolocker.A is also known as Trojan.Win32.Brolocker (Ikarus), Trojan.Agent2.IYO (VirusBuster).
Explanation :
Trojan:Win32/Brolocker.A is a trojan that attempts to download and run malicious files from remote Web sites and send captured information to a remote attacker.
Top
Trojan:Win32/Brolocker.A is a trojan that attempts to send captured information to a remote attacker and download and run malicious files from remote Web sites. InstallationTrojan:Win32/Brolocker.A usually arrives in the system when a user visits a malicious Web site. In the wild, we have observed this trojan downloaded from the domain "gbsup.com" as "csrv.exe". Payload Captures and sends data to a remote attackerTrojan:Win32/Brolocker.A runs silently and hooks Windows API calls to "EnumWindow" allowing it to locate windows related to the Web browsers Internet Explorer and Mozilla Firefox. This trojan tries to send messages and keystrokes to that window which may block user's input. The trojan captures user input and sends the captured information to a remote attacker. This trojan may also contact the remote host "toget.ru" and send captured information to a remote attacker. Downloads arbitrary filesTrojan:Win32/Brolocker.A attempts to connect to the domain "gbsup.com" using TCP port 80 and download arbitrary files.
Analysis by Wei LiLast update 11 June 2010