Home / malware Trojan.Boscan
First posted on 14 March 2015.
Source: SymantecAliases :
There are no other names known for Trojan.Boscan.
Explanation :
Once executed, the Trojan may connect to one or more of the following remote locations:
[http://]www.qoog1e.com/sea_c1/file/i/[REMOVED][http://]78.46.220.106[http://]210.56.51.129:8080/recv[REMOVED][http://]210.56.51.129:8080/lv.[REMOVED][http://]210.56.51.129:8080/plg[REMOVED][http://]210.56.51.129:8080/kl.[REMOVED]
The Trojan may then perform the following actions on the compromised computer:
Load additional JavaScript into web pageEnumerate installed software on the compromised computerLog keystrokes
The Trojan may also gather the following information from the compromised computer and send it to the attacker using GET/POST requests:
User agent informationReferrerDocument titleWindows screen sizeIP addressOperating system versionLast update 14 March 2015