Trojan.Ramage, aliases Win32/Ontonphu and Win32/Flooder.Ramagedos, is a Trojan that serves as a back door. It is downloaded and dropped by other malicious programs and can be controlled remotely. This Trojan targets Windows OS. Although it is not the most sophisticated piece of malicious code, Trojan.Ramage may perform a distributed denial-of-service attack (DoS/DDoS) and collect certain information on the compromised computer. It then sends the gathered information (operating system version and volume serial number) to a remote server.
When executed, the trojan usually copies itself into the 'Application Data' folder. However, it may drop additional files in Windows system folders as well. Trojan.Ramage creates the following files:
- %UserProfile%\Application Data\ODBC.exe
- %UserProfile%\Application Data\Intel.exe
- %UserProfile%\Application Data\Netscape.exe
- %UserProfile%\Application Data\Sysinternals.exe
- %UserProfile%\Application Data\WinRAR.exe
- %UserProfile%\Application Data\Policies.exe
- %Windir%\Sxc\svchost.exe
- %System%\drivers\svclock.exe
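The paths above are the only host indicators the write-up gives, so the natural defender's check is to expand the `%Var%` placeholders for a given profile and look for those files. The script below is an added example, not code from the original post or from any vendor tool: the path list is taken from the write-up, while the environment mapping and the sample "filesystem" used in the demonstration are constructed here. The filesystem lookup is injected as a function so the same logic can be run against a real host or tested offline. Note that the legitimate `svchost.exe` lives in `%System%`; the indicator is the copy under `%Windir%\Sxc\`, so the check matches on the full path rather than on the file name.

```python
import os
import re
from typing import Callable, Dict, Iterable, List

# Dropped-file locations as listed in the write-up (Windows %VAR% notation).
RAMAGE_DROP_PATHS = [
    r"%UserProfile%\Application Data\ODBC.exe",
    r"%UserProfile%\Application Data\Intel.exe",
    r"%UserProfile%\Application Data\Netscape.exe",
    r"%UserProfile%\Application Data\Sysinternals.exe",
    r"%UserProfile%\Application Data\WinRAR.exe",
    r"%UserProfile%\Application Data\Policies.exe",
    r"%Windir%\Sxc\svchost.exe",
    r"%System%\drivers\svclock.exe",
]

_VAR = re.compile(r"%([^%]+)%")


def expand_windows_vars(path: str, env: Dict[str, str]) -> str:
    """Expand %VAR% placeholders case-insensitively from the given mapping.

    Unknown variables are left untouched so that a scan with an incomplete
    environment is visibly wrong instead of silently checking bogus paths.
    """
    lower = {k.lower(): v for k, v in env.items()}
    return _VAR.sub(lambda m: lower.get(m.group(1).lower(), m.group(0)), path)


def find_dropped_files(
    paths: Iterable[str],
    env: Dict[str, str],
    exists: Callable[[str], bool] = os.path.isfile,
) -> List[str]:
    """Return the fully expanded indicator paths that exist on the host.

    `exists` defaults to the real filesystem; pass a different callable to
    check against a captured file listing or, as below, a constructed sample.
    Paths that still contain an unresolved %VAR% are skipped.
    """
    hits = []
    for p in paths:
        full = expand_windows_vars(p, env)
        if "%" in full:
            continue  # unresolved variable: cannot be checked meaningfully
        if exists(full):
            hits.append(full)
    return hits


def host_env() -> Dict[str, str]:
    """Map the write-up's variable names onto this Windows host's environment.

    %System% is derived from %Windir% as Windir\System32 (assumption: the
    standard layout); USERPROFILE/WINDIR are read from the process environment.
    """
    windir = os.environ.get("WINDIR", r"C:\Windows")
    return {
        "UserProfile": os.environ.get("USERPROFILE", ""),
        "Windir": windir,
        "System": windir + r"\System32",
    }


# Constructed sample environment and file listing for an offline demonstration.
SAMPLE_ENV = {
    "UserProfile": r"C:\Users\alice",
    "Windir": r"C:\Windows",
    "System": r"C:\Windows\System32",
}
SAMPLE_FILES = {
    r"C:\Users\alice\Application Data\Intel.exe",   # indicator present
    r"C:\Windows\Sxc\svchost.exe",                   # indicator present
    r"C:\Windows\System32\svchost.exe",              # legitimate, must not match
}


def demo_scan() -> List[str]:
    """Run the check against the constructed sample instead of the real disk."""
    return find_dropped_files(RAMAGE_DROP_PATHS, SAMPLE_ENV, SAMPLE_FILES.__contains__)


if __name__ == "__main__":
    for hit in find_dropped_files(RAMAGE_DROP_PATHS, host_env()):
        print("indicator present:", hit)
```

Running the module on a Windows host checks the current user's profile only; on a multi-user machine, call `find_dropped_files` once per profile directory with `UserProfile` set accordingly, since the write-up places most of the dropped files under the infected user's profile.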