This month we add another bot to the MSRT family list – Win32/Cycbot. Cycbot was discovered in August 2010 and has quickly become prevalent.

It seems that Cycbot’s creators called it “Gbot”, as it used this name as an identifier in the reports it sent back to its controllers. Recent variants of the malware have stopped using this identifier, possibly in an attempt to make detection more difficult, but the functionality hasn’t changed much. All of Cycbot’s communications are done over HTTP, including the retrieval of backdoor commands. As a backdoor, its functionality is limited to capabilities like updating itself and downloading and running other malware; we’ve seen it download Rogue:Win32/FakePAV in the past. Its main purpose, however, is more subtle.
Cycbot sets itself up as an HTTP proxy for any machine it affects. It does this by listening on a TCP port such as 54141 (this number varies), and then changing the browser’s proxy settings to point to this port on the local host. It can do this for Internet Explorer, Firefox and Opera.
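The proxy change described above leaves a checkable trace in the browser configuration. The following is an added example (not code from the original post or from Microsoft) that flags browser proxy settings pointing at the local host; it parses the format of Internet Explorer's ProxyServer registry value and of Firefox's prefs.js, and runs here on constructed sample values rather than a live machine.

```python
import re

# Loopback addresses a locally installed proxy such as Cycbot's would use.
LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}

# Constructed sample values for demonstration only (port 54141 as in the text).
SAMPLE_IE_PROXY_SERVER = "http=127.0.0.1:54141;https=127.0.0.1:54141"
SAMPLE_PREFS_JS = '''user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 54141);
'''

IE_ENTRY_RE = re.compile(r"(?:(\w+)=)?(.+?)(?::(\d+))?")
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*("?)([^")]*)\2\);')


def parse_ie_proxy_server(value):
    """Parse the ProxyServer string found under
    HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings.
    Accepts "host:port" and "http=host:port;https=host:port" forms and
    returns a list of (scheme, host, port) tuples."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, host, port = IE_ENTRY_RE.fullmatch(part).groups()
        entries.append((scheme or "all", host, port or ""))
    return entries


def parse_firefox_prefs(text):
    """Return user_pref name -> value (as a string) from prefs.js text."""
    return {m.group(1): m.group(3) for m in PREF_RE.finditer(text)}


def find_loopback_proxies(ie_proxy_enable, ie_proxy_server, firefox_prefs_text):
    """List browser proxy entries that point at the local host. A hit is a
    triage signal, not proof: legitimate local proxies (web filters,
    debugging tools) produce the same configuration."""
    findings = []
    if ie_proxy_enable:  # ProxyEnable DWORD; ProxyServer is ignored when 0
        for scheme, host, port in parse_ie_proxy_server(ie_proxy_server):
            if host.lower() in LOOPBACK:
                findings.append(("Internet Explorer", scheme, host, port))
    prefs = parse_firefox_prefs(firefox_prefs_text)
    if prefs.get("network.proxy.type") == "1":  # 1 = manual proxy configuration
        host = prefs.get("network.proxy.http", "")
        if host.lower() in LOOPBACK:
            port = prefs.get("network.proxy.http_port", "")
            findings.append(("Firefox", "http", host, port))
    return findings
```

On a real host you would feed it the ProxyEnable and ProxyServer values from the registry key named in the docstring and the contents of the profile's prefs.js; Opera's settings file is not handled here.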