
Infostealer.Rombertik


First posted on 07 May 2015.
Source: Symantec

Aliases :

There are no other names known for Infostealer.Rombertik.

Explanation :

The Trojan may arrive on the computer through spam emails.

When the Trojan is executed, it creates the following files:

- %UserProfile%\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
- %UserProfile%\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].bat

The Trojan then creates the following file so that it runs every time Windows starts:

- %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\[RANDOM CHARACTERS].vbs

Next, the Trojan connects to the following remote location:

- www.centozos.org.in/don1/gate.php

The Trojan may then perform the following actions:

- Overwrite the Master Boot Record
- Encrypt files that don't include the .dll, .exe, .vxd, and .drv file extensions
- Inject code into web browsers in order to steal sensitive information
- Disable the SPDY protocol on web browsers to make them less secure
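
The file and network artefacts listed above, turned into a triage check over a file listing and a proxy log. This is an added example, not part of the original Symantec write-up. The sample paths and log lines are constructed, and requiring the .exe and .bat to share one directory is an assumption, since the write-up only shows both under a randomly named Application Data subfolder.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Persistence: a .vbs script in the All Users Startup folder.
STARTUP_VBS = re.compile(
    r"\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\[^\\]+\.vbs$",
    re.IGNORECASE)
# Dropped files: exactly one folder below Application Data, then <name>.exe or .bat.
APPDATA_DROP = re.compile(
    r"\\Application Data\\[^\\]+\\[^\\]+\.(exe|bat)$", re.IGNORECASE)
# Remote location named in the write-up.
GATE = "www.centozos.org.in/don1/gate.php"


def triage_files(paths):
    """Return (startup_scripts, drop_dirs) for an iterable of Windows paths."""
    startup, exts_by_dir = [], defaultdict(set)
    for raw in paths:
        if STARTUP_VBS.search(raw):
            startup.append(raw)
        m = APPDATA_DROP.search(raw)
        if m:
            parent = str(PureWindowsPath(raw).parent).lower()
            exts_by_dir[parent].add(m.group(1).lower())
    # Assumption: flag only folders holding both an .exe and a .bat.
    drop_dirs = sorted(d for d, e in exts_by_dir.items() if e == {"exe", "bat"})
    return startup, drop_dirs


def gate_hits(log_lines):
    """Return log lines that reference the gate URL (case-insensitive)."""
    return [ln for ln in log_lines if GATE in ln.lower()]


# Constructed sample data, not taken from a real infection.
SAMPLE_PATHS = [
    r"C:\Documents and Settings\alice\Application Data\kqzvbn\pwmxrt.exe",
    r"C:\Documents and Settings\alice\Application Data\kqzvbn\ldhsgy.bat",
    r"C:\Documents and Settings\alice\Application Data\Vendor\updater.exe",
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hjdlse.vbs",
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini",
]
SAMPLE_LOG = [
    "2015-05-07 10:01:12 10.0.0.5 POST http://www.centozos.org.in/don1/gate.php 200",
    "2015-05-07 10:01:15 10.0.0.5 GET http://example.com/index.html 200",
]

if __name__ == "__main__":
    print(triage_files(SAMPLE_PATHS))
    print(gate_hits(SAMPLE_LOG))
```

A hit is a lead for further investigation, not a confirmation: legitimate software also places scripts in the Startup folder and executables under Application Data.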

Last update 07 May 2015

 
