Win32/Bubnix [Threat Name] go to Threat
Win32/Bubnix.AA [Threat Variant Name]
Available cleaner [Download Bubnix Cleaner ]
|Detection created||Apr 15, 2010|
|Signature database version||5032|
Win32/Bubnix.AA is a trojan that is used for spam distribution. It uses techniques common for rootkits. The file is run-time compressed using VMProtect .
The trojan is usually a part of other malware.
The trojan does not create any copies of itself.
The trojan creates and runs a new thread with its own program code within the following processes:
The trojan keeps various information in the following Registry key:
- "%variable%" = %data%
A string with variable content is used instead of %variable% .
Win32/Bubnix.AA is a trojan that is used for spam distribution.
The message depends entirely on data the trojan downloads from the Internet.
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of IP addresses. The trojan generates various URL addresses.
It may perform the following actions:
- download files from a remote computer and/or the Internet
- run executable files
- send spam
The trojan checks for Internet connectivity by trying to connect to the following servers:
The trojan hides its presence in the system. It uses techniques common for rootkits.