| Name: |
Trojan.Conycspa |
| Category: |
Trojan |
| Advice: |
Remove |
| Risk: |
Severe Risk
Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine. |
| Description:
|
Trojan.Conycspa is a mass-mailer that downloads and executes adware, dialers, and mass mailers from the Internet.
Trojan.Conycspa downloads remote files by using the hidden iframe links to the domain conyc.com to exploit the following vulnerabilities:
Microsoft Java Virtual Machine Bytecode Verifier Vulnerability (as described in the Microsoft Security Bulletin (MS99-045).
Microsoft Internet Explorer ITS Protocol Zone Bypass Vulnerability (as described in Microsoft Security Bulletin MS04-013).
Drops %System%q123.vbs.
Downloads and executes %System%sm.exe.
Downloads commands.ini from the domain conyc.com. This file contains URLs on the domain conyc.com, which attempt to download and execute the following programs:
Trojan.Adclicker
CWSConyc
Dialer.Webview
Dialer.Thehun
create the following entires:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Web Service c:windowssystem32sm.exe
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
Web Service c:windowssystem32sm.exe
|
| Signatures:
|
process: sm.exe: MD5 Hash: 297cdc1eb9ac2bff819...
process: sm.exe: MD5 Hash: 61992b5580787d9957b...
process: sm.exe: MD5 Hash: 61992b5580787d9957b.. |
| Type: |
Trojan - A Trojan software is any software on a user's computer that the user is not aware or intentionally installed. Most Trojan software is designed to perform some sort of actions that could jeopardize the user's security or privacy. |
