
Trojan.Bedep


First posted on 11 February 2015.
Source: Symantec

Aliases :

There are no other names known for Trojan.Bedep.

Explanation :

The Trojan may arrive through a website hosting the Angler exploit kit. The exploit kit takes advantage of Flash vulnerabilities and loads the Trojan into memory. As a result, the Trojan may not create files or registry entries on the computer.

When the Trojan is executed, it changes User Account Control (UAC) settings by modifying the values in the following registry entries:

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser

The Trojan may then perform the following activities on the compromised computer:

- Start and end Explorer.exe
- Gather details on the OS version
- Gather user names
- Check for an internet connection by connecting to microsoft.com
- Download and run files from randomly generated domains
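Because the infection may leave no files behind, the three UAC values listed above are one of the few on-host artifacts to check. The following PowerShell audit is an added example, not part of the original write-up: it compares those values against the Windows defaults. The function names, the baseline (which assumes no stricter local policy) and the sample data are assumptions; the write-up does not state which values the Trojan sets.

```powershell
# Added example: audit the three UAC policy values named in the write-up.
# Baseline = Windows defaults (assumption: no stricter policy is applied to the host).
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Baseline = [ordered]@{
    PromptOnSecureDesktop      = 1   # elevation prompt shown on the secure desktop
    ConsentPromptBehaviorAdmin = 5   # prompt for consent for non-Windows binaries
    ConsentPromptBehaviorUser  = 3   # prompt for credentials
}

function Test-UacPolicy {
    param(
        # Value name -> DWORD. Taking a dictionary lets the check run on
        # offline data (for example a parsed registry export) as well as live.
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Observed
    )
    foreach ($name in $Baseline.Keys) {
        $expected = $Baseline[$name]
        if (-not $Observed.Contains($name)) {
            $actual = $null
            $status = 'Missing'      # absent value: Windows falls back to its default
        } else {
            $actual = [int]$Observed[$name]
            $status = if ($actual -eq $expected) { 'Default' } else { 'Changed' }
        }
        [pscustomobject]@{
            Value = $name; Expected = $expected; Actual = $actual; Status = $status
        }
    }
}

function Get-UacPolicy {
    # Read only the three values of interest from the live registry.
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction Stop
    $found = @{}
    foreach ($name in $Baseline.Keys) {
        if ($null -ne $props.PSObject.Properties[$name]) { $found[$name] = $props.$name }
    }
    $found
}

# Constructed sample (not taken from the write-up): two values differ from the
# defaults and one is absent.
$sample = @{ PromptOnSecureDesktop = 0; ConsentPromptBehaviorAdmin = 0 }
Test-UacPolicy -Observed $sample | Format-Table -AutoSize

# Live check, only when running on Windows.
if ($env:OS -eq 'Windows_NT') {
    Test-UacPolicy -Observed (Get-UacPolicy) | Format-Table -AutoSize
}
```

A `Changed` row is a lead rather than proof of infection, since administrators and Group Policy also set these values.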

Last update 11 February 2015

 
