Win32/Bubnix [Threat Name] go to Threat

Win32/Bubnix.AB [Threat Variant Name]

Available cleaner [Download Bubnix Cleaner ]

Category trojan
Size 586240 B
Detection created Apr 15, 2010
Detection database version 5032
Aliases Trojan.Win32.Buzus.duug (Kaspersky)
  Trojan:WinNT/Bubnix.M (Microsoft)
  Hacktool.Rootkit (Symantec)
Short description

Win32/Bubnix.AB is a trojan that is used for spam distribution. It uses techniques common for rootkits. The file is run-time compressed using VMProtect .

Installation

The trojan is usually a part of other malware.


The trojan does not create any copies of itself.


The trojan creates and runs a new thread with its own program code within the following processes:

  • services.exe
Spam distribution

Win32/Bubnix.AB is a trojan that is used for spam distribution.


The message depends entirely on data the trojan downloads from the Internet.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of IP addresses. The SSL protocol is used.


It may perform the following actions:

  • download files from a remote computer and/or the Internet
  • run executable files
  • send spam

The trojan checks for Internet connectivity by trying to connect to the following servers:

  • www.google.com

The trojan hides its presence in the system. It uses techniques common for rootkits.

Please enable Javascript to ensure correct displaying of this content and refresh this page.