"Trojan Download" New varieties recently appeared

Absrtact: November 7 News, the National Computer Virus Emergency treatment center through monitoring found that Trojans download new varieties recently appeared. It is understood that the Trojans download new variants is through the network to obtain configuration files, and hijacked the current more popular third-party applications

November 7 News, the National Computer virus Emergency treatment center detected by the monitoring, "Trojan Horse Downloader" new varieties recently appeared.

It is understood that the new variant of "Trojan Downloader" is to obtain configuration files via networking and hijack components of the currently more popular third-party applications. After the execution of these software, the malicious Trojan program gets control of the system, releases promotional advertising shortcuts in favorites and desktops, and lures computer users to click on profit by gaining click traffic.

Changes can be carried out automatically by application hijacking, and once you get the Favorites directory from the infected computer's user operating system, a shortcut to multiple ad Web pages is generated and freed. In addition, the variant also obtains the operating system's desktop directory, generates and releases an ad shortcut to the System desktop, and the icon file points to the browser ie.

According to experts, the variant runs, creating a configuration file (suffix name INI) under the system directory in the infected operating system, setting the file as a hidden attribute, and writing configuration data information, mainly describing the third party software name and method that the variant needs to hijack. At the same time, establish the Updata folder in the directory of the variant, find the Dynamic Link Library program window with fixed title, and if found, exit the program, and if not found, download the file from the specified Web page in the network and rename it in the same directory as the variant.