DDoS:Win32/Nitol.C
First posted on 10 October 2012.
Source: Microsoft
Aliases:
DDoS:Win32/Nitol.C is also known as TROJ_NITOL.SMB (Trend Micro), Trojan.Win32.Scar.gmkz (Kaspersky).
Explanation:
DDoS:Win32/Nitol.C is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Installation
When executed, DDoS:Win32/Nitol.C copies itself to <system folder>\sscqsw.exe.
Note: <system folder> refers to a variable location that the malware determines by querying the operating system. The default location of the System folder for Windows 2000 and NT is "C:\WinNT\System32"; for XP, Vista, and 7 it is "C:\Windows\System32".
Payload
Contacts remote host
DDoS:Win32/Nitol.C may contact a remote host at 222.175.169.73 using port 8086. Commonly, malware may contact a remote host for the following purposes:
- To report a new infection to its author
- To receive configuration or other data
- To download and execute arbitrary files (including updates or additional malware)
- To receive instructions from a remote attacker
- To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 f84c316fe6cc4ae50d37750925102d5570a48938.
Last update 10 October 2012