Jakarta - DorkBot.Bx has been detected as a new malware variant that spread heavily this month. An infected computer undergoes a number of changes, but the user may not notice them.
Antivirus firm Vaksincom, in a statement on Tuesday (12/06/2011), identified at least 10 traits of a computer infected with DorkBot.Bx. The characteristics are as follows:
1. CPU 100%
Just like its predecessor (BitCoinMiner), DorkBot.Bx makes the computer sluggish, with CPU usage showing 100%. This is caused by the trojan's activity: it attempts to break BitCoin cryptographic blocks and actively tries to send data.
2. Wasting bandwidth
The trojan's frequent cryptographic activity consumes computer resources and drives CPU usage to 100%, slowing the machine. Beyond that, Internet bandwidth usage is also worth watching, because the DorkBot.Bx trojan makes bandwidth consumption excessive.
3. Hiding a folder on a USB drive or removable disk
Like the BitCoinMiner trojan, DorkBot.Bx hides the folders on a USB or removable disk and creates fake shortcuts with names similar to those folders. The shortcut trend appears to have inspired the DorkBot.Bx trojan as well.
4. Connecting to a BitCoin server
The DorkBot.Bx trojan attempts to connect to a BitCoin server to deliver BitCoin cryptographic blocks using the malware author's BitCoin account. In this way, the malware authors benefit by processing BitCoin cryptographic blocks quickly and easily with the help of computers that are already infected.
5. Connecting to an IRC / remote server
The DorkBot.Bx trojan also attempts to connect to an IRC / remote server to deliver the computer user's BitCoin information required by the malware authors.
6. Downloading malware files
To simplify its operation, the DorkBot.Bx trojan also downloads specific malware files from the IRC / remote server in order to stay updated and avoid being easily recognized by antivirus. These differing malware files are what sometimes make it difficult for antivirus to detect the presence of the DorkBot.Bx trojan.
7. Downloading Certificate Authority (CA) files
Certificate Authorities (CAs) are used in online payment transactions, such as those of banks, PayPal, and thousands of other sites that use the SSL protocol. By downloading the CA file, the malware makers want to ensure that the infected victims' computers have up-to-date CAs so that BitCoin transactions can be carried out safely.
8. Transferring the data obtained
The main objective of the DorkBot.Bx trojan is to obtain information from the infected user's computer.
9. Open various ports
The DorkBot.Bx trojan also opens various ports on the victim's computer so that it can easily connect to the IRC / remote server and perform various actions privately.
10. Using Facebook Chat
This is probably the method most commonly encountered by users. DorkBot.Bx provides a URL link that has been shortened, so users are easily fooled. If the link is opened, the user downloads a file whose file name and icon are quite 'sexy'.
Another characteristic is that it modifies the registry and creates several files to infect the computer. To become active as soon as the user connects a USB or removable drive, the DorkBot.Bx trojan exploits a Windows security hole, the Windows Icon handler, which causes the trojan's shortcut file to be activated as soon as the drive is accessed.
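A defender-side check for the shortcut behaviour described in trait 3 and the paragraph above, as an added example that is not from Vaksincom or the original article: it flags .lnk files in a drive root that share a name with a hidden folder. The Entry record, the function names and the sample listing are assumptions made for illustration, and the listing is constructed.

```python
import os
import stat
from dataclasses import dataclass


@dataclass
class Entry:
    name: str
    is_dir: bool
    hidden: bool


def find_shortcut_decoys(entries):
    """Return sorted (shortcut, folder) pairs where a .lnk file shares its
    base name with a hidden folder in the same directory."""
    hidden_dirs = {e.name.lower(): e.name for e in entries if e.is_dir and e.hidden}
    pairs = []
    for e in entries:
        base, ext = os.path.splitext(e.name)
        if not e.is_dir and ext.lower() == ".lnk" and base.lower() in hidden_dirs:
            pairs.append((e.name, hidden_dirs[base.lower()]))
    return sorted(pairs)


def list_drive_root(root):
    """Read a drive root into Entry records. Windows only: it relies on the
    FILE_ATTRIBUTE_HIDDEN bit exposed through st_file_attributes."""
    out = []
    with os.scandir(root) as it:
        for d in it:
            attrs = d.stat(follow_symlinks=False).st_file_attributes
            out.append(Entry(d.name, d.is_dir(follow_symlinks=False),
                             bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)))
    return out


# Constructed sample listing of a removable drive root (not real data).
SAMPLE = [
    Entry("Photos", True, True),
    Entry("Photos.lnk", False, False),
    Entry("Work", True, False),
    Entry("Work.lnk", False, False),   # folder still visible: not flagged
    Entry("notes.txt", False, False),
    Entry("Music", True, True),
    Entry("MUSIC.LNK", False, False),  # Windows names are case-insensitive
]

if __name__ == "__main__":
    for lnk, folder in find_shortcut_decoys(SAMPLE):
        print(f"suspicious: {lnk} shadows hidden folder {folder}")
```

On a Windows machine, pass the result of list_drive_root for the removable drive's root to find_shortcut_decoys; any pair it returns should be examined before a shortcut on that drive is opened.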
by: detik