Win32/Fuclip

Category: trojan
Aliases: Trojan-Downloader.Win32.Small.dam (Kaspersky), Downloader-BAI.gen (McAfee)

Short description

The trojan serves as a backdoor and can be controlled remotely. It is distributed as an attachment to spam e-mail.

Installation

The trojan is distributed by spam e-mail.

Several different variants of the messages have appeared.

The subject of the message may be one of the following:

  • 230 dead as storm batters Europe
  • British Muslims Genocide
  • U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
  • Hugo Chavez dead
  • Radical Muslim drinking enemies' blood
  • Sadam Hussein safe and sound!
  • Sadam Hussein alive!
  • Hugo Chavez dead.
  • Fidel Castro dead.

The attachment is an executable of the trojan.

Its filename may be one of the following:

  • Full Clip.exe
  • Full Video.exe
  • Full Story.exe
  • Greeting Card.exe
  • Greeting Postcard.exe
  • Postcard.exe
  • Read More.exe
  • Video.exe
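
A mailbox or gateway triage check built from the subjects and attachment names listed above, as an added example that is not part of the original description; the function names `triage` and `build_sample` and the sample message are constructed for illustration. The match is on exact indicators, so it flags this spam run only and not renamed variants.

```python
import email
from email import policy
from email.message import EmailMessage

def _norm(text):
    """Collapse whitespace and case so header folding or casing cannot hide a match."""
    return " ".join((text or "").split()).casefold()

# Indicators copied from the description above.
SUBJECTS = {_norm(s) for s in (
    "230 dead as storm batters Europe",
    "British Muslims Genocide",
    "U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel",
    "Hugo Chavez dead", "Hugo Chavez dead.", "Fidel Castro dead.",
    "Radical Muslim drinking enemies' blood",
    "Sadam Hussein safe and sound!", "Sadam Hussein alive!",
)}
ATTACHMENTS = {_norm(n) for n in (
    "Full Clip.exe", "Full Video.exe", "Full Story.exe", "Greeting Card.exe",
    "Greeting Postcard.exe", "Postcard.exe", "Read More.exe", "Video.exe",
)}

def triage(raw_message: bytes):
    """Return (indicator_type, value) hits for one raw RFC 5322 message."""
    # policy.default decodes RFC 2047 subjects and RFC 2231 filenames.
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    subject = str(msg["Subject"] or "")
    if _norm(subject) in SUBJECTS:
        hits.append(("subject", subject))
    for part in msg.walk():  # walk() also reaches attachments in nested multiparts
        name = part.get_filename()
        if name and _norm(name) in ATTACHMENTS:
            hits.append(("attachment", name))
    return hits

def build_sample(subject, filename):
    """Constructed test message; the payload is harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("See attachment.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("hugo chavez DEAD", "Full Clip.exe")))
```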

When executed, the trojan drops one of the following files in the %system% folder:

  • wincom32.sys
  • peers.ini

The trojan registers itself as a system service using the following name:

  • wincom32

Other information

The trojan can download and execute a file from the Internet. It can be controlled remotely.

The trojan might attempt to hide its presence in the system. It uses techniques common to rootkits.
