Home / malware Trojan:Win32/Alureon!inf
First posted on 25 February 2009.
Source: SecurityHomeAliases :
There are no other names known for Trojan:Win32/Alureon!inf.
Explanation :
Trojan:Win32/Alureon!inf is a detection for the autorun.inf file created by members of the Win32/Alureon family when spreading via shared and removable drives. Win32/Alureon is mostly a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. The Win32/Alureon family may also allow an attacker to transmit malicious data to the infected computer. Alureon may modify DNS settings on the host computer to enable the attacker to perform these tasks. As a result, it may be necessary to reconfigure DNS settings after Win32/Alureon is removed from the computer. Later variants of this family have developed into worms that spread via shared and removable drives.
Symptoms
There are no obvious symptoms that indicate the presence of this malware on an affected machine.
Trojan:Win32/Alureon!inf is a detection for the autorun.inf file created by members of the Win32/Alureon family when spreading via shared and removable drives. Win32/Alureon is mostly a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. The Win32/Alureon family may also allow an attacker to transmit malicious data to the infected computer. Alureon may modify DNS settings on the host computer to enable the attacker to perform these tasks. As a result, it may be necessary to reconfigure DNS settings after Win32/Alureon is removed from the computer. Later variants of this family have developed into worms that spread via shared and removable drives.Spreads Via…Shared and Removable DrivesWhen executed, Alureon may copy itself as boot.com to the
esycled directory in the root of all accessible drives. It also creates an autorun.inf in the root of these drives. The autorun.inf file (detected as Trojan:Win32/Alureon!inf) contains execution instructions for the operating system which are invoked when the drive is viewed using Windows Explorer, thus executing boot.com, and enabling Alureon to spread. It should be noted that autorun.inf files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation CDs. For more information, please see the Win32/Alureon family description elsewhere in our encyclopedia.
Analysis by Shali HsiehLast update 25 February 2009