Trojan:WinNT/Bubnix.J
First posted on 07 September 2010.
Source: SecurityHome
Aliases :
Trojan:WinNT/Bubnix.J is also known as RTKT_BUBNIX.A (Trend Micro), Hacktool.Rootkit (Symantec), Mal/Krap-B (Sophos), Trj/Krapack.gen (Panda), Rootkit.Win32.Agent (Dr.Web), Win32/Bubnix.Q (CA), RKIT/Krap.B.56228 (Avira).
Explanation :
Trojan:WinNT/Bubnix.J is a trojan that installs itself as a system driver. It injects code into legitimate processes, connects to remote servers, and sends out spammed email messages.
Installation

Trojan:WinNT/Bubnix.J is a trojan that arrives in a computer as a highly obfuscated file to hinder analysis. It is dropped and installed as a system driver with a random file name in the following folder:

%windir%\System32\drivers\

It installs the driver as a service under the following subkey:

HKLM\System\CurrentControlSet\<random service name>

Payload

Injects code
Trojan:WinNT/Bubnix.J may inject code into the following legitimate process:

services.exe

Connects to a remote server
Trojan:WinNT/Bubnix.J may try to connect to the following remote server, possibly to report its installation or to download and execute other malware:

egypt-flowers.biz

Sends out spammed email messages
Trojan:WinNT/Bubnix.J may send out spammed email messages using the following mail servers:

digg.com
gmail.com
google.com
wikipedia.org
youtube.com
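The behaviours described above can be combined into a host triage check. The following is an added example, not part of the original write-up: the event schema, host names and driver file names are constructed, and treating outbound port 25 traffic from services.exe as the spam indicator is an assumption drawn from the injection and spam behaviours listed.

```python
import ntpath

# Indicators taken from the write-up above.
C2_DOMAIN = "egypt-flowers.biz"
DRIVER_DIR = r"c:\windows\system32\drivers"  # assumes %windir% is C:\Windows
INJECT_TARGET = "services.exe"

def classify(event):
    """Return the indicator name an event matches, or None."""
    kind = event.get("type")
    if kind == "service_install":
        path = ntpath.normpath(event["image_path"]).lower()
        if event.get("service_type") == "kernel" and ntpath.dirname(path) == DRIVER_DIR:
            return "driver_service_install"
    elif kind == "dns_query":
        name = event["query"].rstrip(".").lower()
        if name == C2_DOMAIN or name.endswith("." + C2_DOMAIN):
            return "c2_dns_lookup"
    elif kind == "net_connect":
        proc = ntpath.basename(event["process"]).lower()
        if proc == INJECT_TARGET and event["dst_port"] == 25:  # assumed SMTP port
            return "smtp_from_services_exe"
    return None

def triage(events, threshold=2):
    """Report hosts showing at least `threshold` distinct indicators."""
    hits = {}
    for ev in events:
        name = classify(ev)
        if name:
            hits.setdefault(ev["host"], set()).add(name)
    return {h: sorted(s) for h, s in hits.items() if len(s) >= threshold}

# Constructed sample telemetry (hypothetical schema, not real logs).
SAMPLE = [
    {"host": "ws-01", "type": "service_install", "service_type": "kernel",
     "image_path": r"C:\Windows\System32\drivers\qxkzvbnt.sys"},
    {"host": "ws-01", "type": "dns_query", "query": "egypt-flowers.biz."},
    {"host": "ws-01", "type": "net_connect", "dst_port": 25,
     "process": r"C:\Windows\System32\services.exe"},
    {"host": "ws-02", "type": "service_install", "service_type": "kernel",
     "image_path": r"C:\Windows\System32\drivers\examplenic.sys"},
    {"host": "ws-02", "type": "dns_query", "query": "notegypt-flowers.biz"},
    {"host": "ws-03", "type": "net_connect", "dst_port": 25,
     "process": r"C:\Program Files\Mail\client.exe"},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A new kernel driver service on its own is routine on Windows, which is why the default threshold requires two distinct indicators before a host is reported.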
Analysis by Andrei Florin Saygo
Last update 07 September 2010