Trojan:Win32/Spycos!cfg
First posted on 24 May 2012.
Source: Microsoft
Aliases:
There are no other names known for Trojan:Win32/Spycos!cfg.
Explanation:
Trojan:Win32/Spycos!cfg is the configuration file used by members of the Win32/Spycos malware family.
Installation
Trojan:Win32/Spycos!cfg may have any of the following file names:
- %Temp%\prffile.dat
- %Temp%\prffile.dat_
- <Win32/Spycos folder>\prffile.dat
- <Win32/Spycos folder>\desktop.ini
It may be dropped or downloaded by other Win32/Spycos files.
Payload
Trojan:Win32/Spycos!cfg contains configuration information that the main malware component uses to carry out its payload. This information may include the following:
- Websites to connect to
- SMTP servers
- Email account information
- Message body to use to send spam emails
- URL where an updated copy of Win32/Spycos is found
- URL where an updated copy of Trojan:Win32/Spycos!cfg is found
Additional information
Trojan:Win32/Spycos!cfg has been found stored in the following URLs:
Analysis by Jonathan San Jose
Last update 24 May 2012