Trojan:Win32/Sefnit.AC
First posted on 26 December 2011.
Source: Microsoft
Aliases:
Trojan:Win32/Sefnit.AC is also known as Win32/Sefnit.CC trojan (ESET), Sefnit.c (McAfee), Troj/Sefnit-T (Sophos), Trojan.Sefnit (Symantec), TROJ_SPNR.16LB11 (Trend Micro).
Explanation:
Trojan:Win32/Sefnit.AC is a trojan that may monitor Internet Explorer and Mozilla Firefox to hijack search results from certain engines.
Installation
Trojan:Win32/Sefnit.AC may arrive on a computer with the name "UtilHelpSnap.dll". It may be dropped by other malware that exploits a vulnerability in the Java Runtime Environment (JRE).
It creates the following registry entry as part of its installation routine:
HKCU\Software\AppleHelpPath\{9780d26a-be37-48dc-90b4-e40fbdeb9d2e}
Trojan:Win32/Sefnit.AC runs the following command to execute itself:
rundll32.exe "%appdata%\AppMainAgent\UtilHelpSnap.dll", sysNetvga Sysmousemon2
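The registry entry and launch command above can be matched against process-creation and registry telemetry. The following is an added example, not Microsoft's detection logic; the (kind, text) event format, the function names and the sample events are constructed assumptions.

```python
import re

# Indicators from the description above, lower-cased for case-insensitive matching.
DLL_NAME = "utilhelpsnap.dll"
DLL_TAIL = "\\appmainagent\\" + DLL_NAME
EXPORT = "sysnetvga"
REG_ENTRY = "software\\applehelppath\\{9780d26a-be37-48dc-90b4-e40fbdeb9d2e}"

# rundll32 syntax is: rundll32.exe <dll>,<export> [args]; the DLL path may be quoted.
RUNDLL32 = re.compile(
    r'rundll32(?:\.exe)?"?\s+(?:"(?P<q>[^"]+)"|(?P<u>[^\s,]+))\s*,\s*(?P<export>[^\s,]+)',
    re.IGNORECASE)

def match_process(cmdline):
    """Return which launch indicators a process command line matches."""
    m = RUNDLL32.search(cmdline)
    if not m:
        return []
    dll = (m.group("q") or m.group("u")).lower().replace("/", "\\")
    checks = {"dll_name": dll.rsplit("\\", 1)[-1] == DLL_NAME,
              "dll_dir": dll.endswith(DLL_TAIL),  # %appdata% form or expanded path
              "export": m.group("export").lower() == EXPORT}
    return [name for name, ok in checks.items() if ok]

def match_registry(path):
    """True for the entry under any HKCU spelling (HKCU, HKEY_CURRENT_USER, HKU\\<SID>)."""
    return REG_ENTRY in path.lower()

def triage(events):
    """events: (kind, text) pairs, kind is 'process' or 'registry'.
    Returns {event index: [matched indicators]} for matching events only."""
    findings = {}
    for i, (kind, text) in enumerate(events):
        hits = match_process(text) if kind == "process" else (
            ["registry_entry"] if match_registry(text) else [])
        if hits:
            findings[i] = hits
    return findings

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ("process", r'rundll32.exe "%appdata%\AppMainAgent\UtilHelpSnap.dll", sysNetvga Sysmousemon2'),
    ("process", r'C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL desk.cpl'),
    ("process", r'"C:\Windows\System32\rundll32.exe" C:\Users\alice\AppData\Roaming\AppMainAgent\UTILHELPSNAP.DLL,sysNetvga'),
    ("registry", r'HKU\S-1-5-21-1111-2222-3333-1001\Software\AppleHelpPath\{9780D26A-BE37-48DC-90B4-E40FBDEB9D2E}'),
    ("registry", r'HKCU\Software\Microsoft\Windows\CurrentVersion\Run'),
]
```

A command line that matches only one indicator, such as the export name with a different DLL, is a weaker signal than one matching all three and should be reviewed rather than treated as confirmed.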
Payload
Hijacks search engine results
Trojan:Win32/Sefnit.AC injects itself into Internet Explorer and Mozilla Firefox to hijack the results of searches conducted using the following search engines:
- MSN
Analysis by Horea Coroiu
Last update 26 December 2011