利用USB充电软件传播的木马Trojan.Arugizer
Updated: 11 Mar 2010
利用USB线为自己的手机或者其他电子设备充电十分方便。不过,方便之余,用户也需要注意它其中包含的风险,因为最近赛门铁克安全响应中心就发现了一个利用USB充电程序传播的木马病毒Trojan.Arugizer。
Trojan.Arugizer在运行以后会将自己拷贝到C:\WINDOWS\system32\Arucer.dll,并添加下列注册表以达到开机自启动的目的:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Arucer"
= "rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer"
= "rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer"
然后该木马将打开计算机后门,端口号为7777,攻击者利用这个端口达到以下目的:1.下载运行可执行程序;2.删除文件;3.发送文件到远程服务器;4.向攻击者发送计算机文件目录信息。
Trojan.Arugizer通常被捆绑在USB充电软件的安装包中,以此来进行传播。如果用户下载并安装该软件安装包,计算机就可能会被Trojan.Arugizer 感染。因此,我们建议用户不要轻易从互联网下载安装来历不明的应用程序。同时,经常升级您的安全软件病毒定义库可以保护您的计算机远离最新出现的病毒威胁。
blog entry Filed Under:
About Security Response Blog
Our security research centers around the world provide unparalleled analysis of and protection from malware, security risks, vulnerabilities, and spam.
Filter by:
Recently on Twitter
threatintel
- You can find Symantec’s blog post on MSFT’s February #PatchTuesday updates here: http://t.co/kuRYUH5014 Feb 2012
- MSFT patches six critical vulnerabilities: http://t.co/bhNCCM8h14 Feb 2012
- Revamped Fake #Android Market for SMS Fraud http://t.co/mlrosRUH #malware10 Feb 2012
- Is Waledac spam dirtying the Russian 2012 elections? http://t.co/6gWaIyq610 Feb 2012
- Trojan.Activehijack found in the wild using a known #Office #vulnerability. http://t.co/7L8Xszwr09 Feb 2012
Blog Tags
Endpoint Protection (AntiVirus) Spam Malicious Code Online Fraud Vulnerabilities & Exploits Security Risks phishing Emerging Threats Message Filter Messaging Gateway Symantec Protection Suites (SPS) Hosted Mail Security Mail Security for Exchange/Domino Evolution of Security Mobile & Wireless Email Encryption IT Risk Management W32.Stuxnet facebook Endpoint Encryption Internet Security Threat Report 10.x 11.x 9.x and Earlier Microsoft Patch Tuesday