1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Trojan Horse Goolbot Activity

HTTP Trojan Horse Goolbot Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects Trojan Horse Goolbot communicating and requesting information from its controlling server.

Additional Information

Trojan Horse is a detection name used by Symantec to identify malicious software programs that masquerade as benign applications or files.

Trojan horse programs pose as legitimate programs or files that users may recognize and want to use. They rely on this trick to lure a user into inadvertently running the Trojan. Often a Trojan will mimic a well known legitimate file name or pose as a particular type of file, like a .jpg or .doc file to trick a user.

Distribution of Trojans on to compromised computers occurs in a variety of ways. From email attachments and links to instant messages, drive-by downloads and being dropped by other malicious software. Once installed on the compromised computer, the Trojan begins to perform the predetermined actions that it was designed for.

Trojan horse is a generic name given to all Trojan programs and they can be further categorized by their primary payload functions and may generally includes the following types:

* Backdoor.Trojan - a Trojan with a primary purpose of opening a back door to allow remote access at a later time.
* Downloader - a Trojan with a primary goal of downloading another piece of software, usually additional malware.
* Infostealer - a Trojan that attempts to steal information from the compromised computer.

Affected

  • Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube