Trojan.Foron

Risk Level 1: Very Low


Discovered: July 13, 2004
Updated: July 14, 2004 3:59:12 AM
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000

When Trojan.Foron is executed, it installs itself as a browser helper object
by creating the following registry keys:
HKEY_CLASSES_ROOT\Html.mm
HKCR\Html.mm.1
HKCR\CLSID\{B49DA3DF-E569-423d-BDEA-8F89128E8107}
HKEY_CLASSES_ROOT\TypeLib\{BAF91296-5246-458E-BB13-0E14E64BCD28}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49DA3DF-E569-423d-BDEA-8F89128E8107}\(Default)\SUCCESS\MS OLE Extention API

It may need the following associated files to work properly:
msrascfg.ini
mskeboard.dll
mssysmsg.dll
mstword.dll
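
A triage check for the registry keys and file names listed above, run over `reg export` text and a file listing. It is an added example, not part of the original write-up. It assumes the Browser Helper Objects entry is matched on its key path up to the CLSID, and that registry paths and file names compare case-insensitively; the function names and sample input are constructed for illustration.

```python
import re

# Indicators copied from the write-up above, hive names written out in full.
FORON_KEYS = [
    r"HKEY_CLASSES_ROOT\Html.mm",
    r"HKEY_CLASSES_ROOT\Html.mm.1",
    r"HKEY_CLASSES_ROOT\CLSID\{B49DA3DF-E569-423d-BDEA-8F89128E8107}",
    r"HKEY_CLASSES_ROOT\TypeLib\{BAF91296-5246-458E-BB13-0E14E64BCD28}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
    r"\Browser Helper Objects\{B49DA3DF-E569-423d-BDEA-8F89128E8107}",
]
FORON_FILES = ["msrascfg.ini", "mskeboard.dll", "mssysmsg.dll", "mstword.dll"]
# HKCR is a merged view of these two roots, so class keys can show up under either.
CLASS_ROOTS = ("hkey_local_machine\\software\\classes\\",
               "hkey_current_user\\software\\classes\\")

def normalize(key):
    """Lower-case a key path and fold the HKCR alias and backing roots into HKCR."""
    key = key.strip().strip("[]").lower()
    key = re.sub(r"^hkcr\\", r"hkey_classes_root\\", key)
    for root in CLASS_ROOTS:
        if key.startswith(root):
            key = "hkey_classes_root\\" + key[len(root):]
    return key

def scan(reg_text, file_names):
    """Return (matched registry keys, matched file names) for the indicators above."""
    present = {normalize(l) for l in reg_text.splitlines() if l.strip().startswith("[")}
    def seen(indicator):  # the key itself or any subkey of it is in the export
        want = normalize(indicator)
        return any(p == want or p.startswith(want + "\\") for p in present)
    names = {n.replace("/", "\\").rsplit("\\", 1)[-1].lower() for n in file_names}
    return ([k for k in FORON_KEYS if seen(k)],
            [f for f in FORON_FILES if f in names])

# Constructed sample input (not from a real host): `reg export` text and a file list.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b49da3df-e569-423d-bdea-8f89128e8107}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49DA3DF-E569-423D-BDEA-8F89128E8107}]

[HKEY_CLASSES_ROOT\Html.mm.1]
"""
SAMPLE_FILES = [r"C:\sample\MSKEBOARD.DLL", "c:/sample/msrascfg.ini", "notepad.exe"]

if __name__ == "__main__":
    key_hits, file_hits = scan(SAMPLE_REG, SAMPLE_FILES)
    print("registry indicators:", key_hits)
    print("file indicators:", file_hits)
```

A file name match on its own is weak evidence; treat it as a lead to confirm against the registry indicators.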

It executes command.com or cmd.exe for backdoor purposes.

It monitors all packets passing through the infected computer.

It queries the following information:
OS version
Computer Name
Registered User Name
Registered Organization Name
RAM
Cached password

It sends email upon receiving a command from its author.