The GFI Security researchers warn that cybercriminals are pushing their trojan through fraudulent clicks () adopted commonly observed in patterns scareware distribution techniques. First of all, according to experts, it seems that the objective are the users of Chrome and Firefox in particular, although they are not among the first browsers that are exploited to distribute this type of malware with such schemes. The Trojans, part of the family, is distributed by a resgistrato domain through a free provider. Dynamic DNS is a technology that allows a DNS to be always associated with the IP address of a single host, even if the address is changed over time.
file behavior:
- The process is packed and / or encrypted using a software packing process
- Writes the virtual memory to another process (Process Hijacking)
- Add a product to the system registry
- It adds a registry key (RunOnce) to start automatically at system startup programs
- Adds a Registry Key (RUN) to start programs automatically to the start up of the system
- It can communicate with other computer systems using HTTP
- Limit user privileges on the computer
- Protect themselves against the attacks of.
- Use strong passwords.