Win32/Sednit [Threat Name]
Detection created: 2013-04-09
Short description
The trojan serves as a backdoor. It can be controlled remotely.
Installation
The trojan is usually a part of other malware.
The trojan is usually found in one of the following folders:
- %system%
- %temp%
- %commonprogramfiles%\System\
- %programfiles%\Internet Explorer\
The following filename is used:
- %variable%.dll
A string with variable content is used instead of %variable%.
Information stealing
The trojan collects the following information:
- computer name
- information about the operating system and system settings
- list of running processes
The trojan attempts to send gathered information to a remote machine.
Other information
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of URLs. The HTTP protocol is used.
It can execute the following operations:
- download files from a remote computer and/or the Internet
- run executable files
- log keystrokes
- send gathered information