Win32/Fuclip
Category | trojan
Aliases | Trojan-Downloader.Win32.Small.dam (Kaspersky), Downloader-BAI.gen (McAfee)
Short description
The trojan serves as a backdoor and can be controlled remotely. It is distributed by spam e-mail.
Installation
The trojan is distributed by spam e-mail.
Several different variants of the message have appeared.
The subject of the message may be one of the following:
- 230 dead as storm batters Europe
- British Muslims Genocide
- U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
- Hugo Chavez dead
- Radical Muslim drinking enemies' blood
- Sadam Hussein safe and sound!
- Sadam Hussein alive!
- Hugo Chavez dead.
- Fidel Castro dead.
The attachment is the trojan's executable.
Its filename may be one of the following:
- Full Clip.exe
- Full Video.exe
- Full Story.exe
- Greeting Card.exe
- Greeting Postcard.exe
- Postcard.exe
- Read More.exe
- Video.exe
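Added example (not part of the original description): a Python screen for stored or quarantined mail that applies the subject lines and attachment names listed above. The normalisation rules, the `screen` and `sample` helpers and the verdict labels are assumptions of this example; the sample messages are constructed.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Indicators copied from the description; matching and verdict rules are assumptions.
SUBJECTS = [
    "230 dead as storm batters Europe", "British Muslims Genocide",
    "U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel",
    "Hugo Chavez dead", "Radical Muslim drinking enemies' blood",
    "Sadam Hussein safe and sound!", "Sadam Hussein alive!", "Fidel Castro dead.",
]
ATTACHMENTS = ["Full Clip.exe", "Full Video.exe", "Full Story.exe", "Greeting Card.exe",
               "Greeting Postcard.exe", "Postcard.exe", "Read More.exe", "Video.exe"]

def norm(text):
    """Lowercase, collapse whitespace, drop trailing '.'/'!' so 'dead' and 'dead.' match."""
    return re.sub(r"\s+", " ", text).strip().lower().rstrip(".!")

SUBJECT_SET = {norm(s) for s in SUBJECTS}
ATTACHMENT_SET = {norm(a) for a in ATTACHMENTS}

def screen(raw):
    """Return (verdict, reasons) for one raw RFC 5322 message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    if norm(str(msg["Subject"] or "")) in SUBJECT_SET:
        reasons.append("subject")
    for part in msg.walk():  # walk() also reaches attachments in nested multiparts
        name = re.split(r"[\\/]", part.get_filename() or "")[-1]
        if name and norm(name) in ATTACHMENT_SET:
            reasons.append("attachment:" + name)
    if any(r.startswith("attachment:") for r in reasons):
        return "quarantine", reasons  # a listed executable name is the stronger signal
    return ("review" if reasons else "pass"), reasons

def sample(subject, filename=None):
    """Build a constructed test message; the attachment payload is a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(screen(sample("Hugo Chavez dead.", "Full Story.exe")))
```

Names such as Video.exe and Postcard.exe are generic, so a subject-only or name-only hit is a triage lead rather than a confirmed detection.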
When executed, the trojan drops one of the following files in the %system% folder:
- wincom32.sys
- peers.ini
The trojan registers itself as a system service using the following name:
- wincom32
Other information
The trojan can download and execute a file from the Internet. It can be controlled remotely.
The trojan might attempt to hide its presence in the system. It uses techniques common to rootkits.