Win32/Sednit [Threat Name]

Detection created 2013-04-09
Short description

The trojan serves as a backdoor. It can be controlled remotely.


The trojan is usually a part of other malware.

The trojan is usually found in the following folders:

  • %system%
  • %temp%
  • %commonprogramfiles%\System\
  • %programfiles%\Internet Explorer\

The following filename is used:

  • %variable%.dll

A string with variable content is used instead of %variable%.

Information stealing

The trojan collects the following information:

  • computer name
  • information about the operating system and system settings
  • list of running processes

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of URLs. The HTTP protocol is used.

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • log keystrokes
  • send gathered information

For further information follow the links below:

* Sednit group now using web exploits
