The Trojan's payload has two parts: a dialer called Qdial-45 and an encrypted downloader called Spy-Agen.bf. The dialer disconnects any current modem connection, then dials a service to display content. The downloader uses the Encrypting File System (EFS) for encryption and retrieves updated content from a list of websites on the Internet.
'This Trojan creates an administrator-type account with a random name and password. Using this login pair, it can encrypt the downloader component it drops. It then creates a random service that points to the encrypted file, with properties that log in with the newly created login and password.'
This is the latest malicious program to use encryption mechanisms to hide itself from desktop security software (such as antivirus programs). Last month, security firm Symantec, which owns SecurityFocus, warned of a virus that could use encryption and an operating system function to hide itself. Other malicious code, known as ransomware, uses encryption mechanisms to "crawl" the file system and take control of files on victim machines. The distributors of these Trojans provide decryption keys for the hijacked files only when users pay them a certain fee.