Win32/Bubnix [Threat Name]
Win32/Bubnix.AB [Threat Variant Name]
Available cleaner | Bubnix Cleaner |
Category | trojan |
Size | 586240 B |
Aliases | Trojan.Win32.Buzus.duug (Kaspersky) |
 | Trojan:WinNT/Bubnix.M (Microsoft) |
 | Hacktool.Rootkit (Symantec) |
Short description
Win32/Bubnix.AB is a trojan that is used for spam distribution. It uses techniques common to rootkits. The file is run-time compressed using VMProtect.
Installation
The trojan is usually a part of other malware.
The trojan does not create any copies of itself.
The trojan creates and runs a new thread with its own program code within the following processes:
- services.exe
Spam distribution
Win32/Bubnix.AB is a trojan that is used for spam distribution.
The message depends entirely on data the trojan downloads from the Internet.
Other information
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of IP addresses. The SSL protocol is used.
It may perform the following actions:
- download files from a remote computer and/or the Internet
- run executable files
- send spam
The trojan checks for Internet connectivity by trying to connect to the following servers:
- www.google.com
The trojan hides its presence in the system. It uses techniques common to rootkits.