Updated: February 13, 2007 11:44:00 AM
Type: Spyware
Version: 7.0
Publisher: cablehead software
Risk Impact: High
File Names:
class0117[random].exe
Console.exe
integ.dll
sysclass.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
When Spyware.Blackbox is installed, it performs the following actions:
- Creates the following files:
  - %ProgramFiles%\Blackbox7\class0117[random].exe
  - %ProgramFiles%\Blackbox7\Console.exe
  - %ProgramFiles%\Blackbox7\Dll\256-1.nnn
  - %ProgramFiles%\Blackbox7\Dll\413.nnn
  - %ProgramFiles%\Blackbox7\Dll\integ.dll
  - %ProgramFiles%\Blackbox7\Dll\Ldll.dll
  - %ProgramFiles%\Blackbox7\Dll\s.fif
  - %ProgramFiles%\Blackbox7\Dll\sysclass.dll
  Notes:
  - %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
  - The actual class0117[random].exe filename may vary. This file is responsible for monitoring keystrokes.
  - Console.exe is a log viewer. The default password is "blackbox".
- Creates the following registry keys:
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CDBF4EC-22A2-4889-B51E-43AFC910B831}\InprocServer32\: "C:\Program Files\Blackbox7\Dll\sysclass.dll"
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17B3DDEA-E0ED-4767-9F67-9ABFC4C60578}\InprocServer32\: "C:\Program Files\Blackbox7\Dll\integ.dll"
- Modifies the value:
  "Registry" = "C:\Program Files\Blackbox7\class0117[random].exe"
  in the registry subkey:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  so that the security risk runs every time Windows starts.
- Captures emails and chat logs, and monitors Internet activity.
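
The following is an added example, not part of the original write-up: a Python check that matches the file and registry indicators listed above against a collected host inventory. The inventory format (a list of file paths plus a dictionary of registry values), the function name find_blackbox and the sample data are assumptions made for illustration. Matching is case-insensitive and accepts any suffix after class0117, since the write-up says that filename varies.

```python
import ntpath
import re

# Indicators copied from the write-up; only the inventory format is assumed.
FIXED_FILES = {r"console.exe", r"dll\256-1.nnn", r"dll\413.nnn", r"dll\integ.dll",
               r"dll\ldll.dll", r"dll\s.fif", r"dll\sysclass.dll"}
# "class0117[random].exe": the random part is unspecified, so accept any suffix.
KEYLOGGER_RE = re.compile(r"class0117[^\\]*\.exe", re.IGNORECASE)
CLSID_ROOT = "hkey_local_machine\\software\\classes\\clsid\\"
CLSIDS = {"{9cdbf4ec-22a2-4889-b51e-43afc910b831}": "sysclass.dll",
          "{17b3ddea-e0ed-4767-9f67-9abfc4c60578}": "integ.dll"}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"


def find_blackbox(files, registry, program_files=r"C:\Program Files"):
    """Return sorted findings. files: paths; registry: {(key, value_name): data}."""
    root = ntpath.normcase(ntpath.join(program_files, "Blackbox7")) + "\\"
    findings = set()
    for path in files:
        norm = ntpath.normcase(ntpath.normpath(path))
        if not norm.startswith(root):
            continue  # only files under the Blackbox7 install folder count
        rel = norm[len(root):]
        if rel in FIXED_FILES:
            findings.add("file: " + rel)
        elif KEYLOGGER_RE.fullmatch(rel):
            findings.add("keylogger: " + rel)
    for (key, name), data in registry.items():
        k = key.lower().rstrip("\\")
        target = ntpath.normcase(data.strip('"'))
        if k == RUN_KEY and name.lower() == "registry" and target.startswith(root):
            findings.add("run-value: " + ntpath.basename(target))
        for clsid, dll in CLSIDS.items():
            if k == CLSID_ROOT + clsid + "\\inprocserver32" and target.endswith("\\" + dll):
                findings.add("clsid: " + clsid)
    return sorted(findings)


# Constructed sample inventory (not from a real host).
SAMPLE_FILES = [r"c:\PROGRAM FILES\blackbox7\Class0117ab3.EXE",
                r"C:\Program Files\Blackbox7\Dll\integ.dll",
                r"C:\Program Files\Other\Console.exe"]
SAMPLE_REG = {
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Registry"):
        r'"C:\Program Files\Blackbox7\class0117ab3.exe"',
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CDBF4EC-22A2-4889-B51E-43AFC910B831}\InprocServer32", ""):
        r"C:\Program Files\Blackbox7\Dll\sysclass.dll",
}
```

Pass program_files when the host's %ProgramFiles% is not C:\Program Files; a Console.exe outside the Blackbox7 folder is not reported.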