Good article to read. Been reading quite a lot of articles on there.
Read further - Bubnix Uses Interesting Obfuscation Scheme
This month, we added the Bubnix family to the latest Malicious Software Removal Tool (MSRT) release.
WinNT/Bubnix is a complicated spam bot which arrives on an affected computer by way of a downloader, TrojanDownloader:Win32/Bubnix.A. TrojanDownloader:Win32/Bubnix.A is itself often downloaded by variants of Win32/Bredolab and Win32/Harnig in the wild.
Generally speaking, it is common for a malicious executable to be transferred in encrypted form by a downloader. In order to increase the apparent legitimacy of the content, TrojanDownloader:Win32/Bubnix.A takes this a simple step further. Let us take a look at what the Bubnix downloader retrieves below:
Figure 1. Content retrieved by the Bubnix downloader
Microsoft Malware Protection Center
Thanks Jan, good info.
Just cleaned up trojans on a friend's laptop, always good to get the latest tools.