Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: New Trojan Recruits Mouse-Clicking PC Users to Do Its Dirty Work


16 Dec 2012   #1

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
New Trojan Recruits Mouse-Clicking PC Users to Do Its Dirty Work

Quote:
Windows PC owners be warned—there's a new strain of malware out there that pressgangs users themselves into helping it accomplish its dirty deeds via mouse clicks.

Dubbed "Trojan Upclicker" by the FireEye Malware Intelligence Lab researchers who identified it this week, this elusive bit of malicious code is purpose-built to evade identification by the automated analysis systems used by many anti-virus vendors.
Source

A Guy

My System SpecsSystem Spec
.

16 Dec 2012   #2

Windows 7 Ultimate x64 SP1
 
 

All hail the Trojan Mouse.
My System SpecsSystem Spec
16 Dec 2012   #3

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
Why didn't they ...

I'm not sure why they didn't highlight a simple solution for this (someone posted it in the comments).

1 - Go to:
C:\Windows\System32\drivers\etc
2 - Using Notepad (or other text editor) open this file:
hosts
3 - Add this entry:
127.0.0.1 sendmsg.jumpingcrab.com
Note:
There is a space between the "1" and the "s" (you can use Tab(s) in the hosts file, if you want to).
My System SpecsSystem Spec
.


16 Dec 2012   #4

Windows 7 Ultimate x64 SP1
 
 

It works for Windows 7 and all prior versions, but if I recall Windows 8 locked down the HOSTS file from user modification, though I might be recalling wrong.
My System SpecsSystem Spec
17 Dec 2012   #5

Windows 7 pro 64bit. (SP1)
 
 

Quote   Quote: Originally Posted by lehnerus2000 View Post
I'm not sure why they didn't highlight a simple solution for this (someone posted it in the comments).
3 - Add this entry: 127.0.0.1 sendmsg.jumpingcrab.com
Note:
There is a space between the "1" and the "s" (you can use Tab(s) in the hosts file, if you want to).
this will translate address sendmsg.jumpingcrab.com to local host (your own pc).
I assume that sendmsg.jumpingcrab.com is bad site that has to do somethig with this trojan?
do you think bad people keep only this one and never change address for bad site?

the problem is because it requires mause click (user interaction) it may not be detected on automated virus analysis systems, bacause usually those systems are virtual systems without mouse and automated that means no user interaction.
My System SpecsSystem Spec
17 Dec 2012   #6

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 

Quote   Quote: Originally Posted by King Arthur View Post
It works for Windows 7 and all prior versions, but if I recall Windows 8 locked down the HOSTS file from user modification, though I might be recalling wrong.
If that's true, it's another stupid W8 innovation.

I can't get my W8 VHD to start, since I reinstalled Windows 7, so I can't test it.

Quote   Quote: Originally Posted by vaidas3 View Post
this will translate address sendmsg.jumpingcrab.com to local host (your own pc).
Yes.

Quote   Quote: Originally Posted by vaidas3 View Post
do you think bad people keep only this one and never change address for bad site?
No.
However they will have to get the new site name on your PC to restore the malware's functionality.

Quote   Quote: Originally Posted by vaidas3 View Post
the problem is because it requires mause click (user interaction) it may not be detected on automated virus analysis systems, bacause usually those systems are virtual systems without mouse and automated that means no user interaction.
That's what the article says.
It's an obvious way of defeating automated testers.
My System SpecsSystem Spec
Reply

 New Trojan Recruits Mouse-Clicking PC Users to Do Its Dirty Work




Thread Tools



Similar help and support threads for2: New Trojan Recruits Mouse-Clicking PC Users to Do Its Dirty Work
Thread Forum
Solved Error when right clicking: C:\users\owner\appdata\local\tmp\stpraxi... General Discussion
Tiny Trojan Targets Turkish Users Security News
MacControl Trojan Being Used in Targeted Attacks Against OS X Users Security News
Mouse that doesn't get dirty? Chillout Room
Mouse clicking and scrolling on its own Hardware & Devices
Mouse clicking trouble Hardware & Devices
Opera Users: Open Single Tab When Clicking Outside Link Browsers & Mail

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 12:34 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33