System Infected: Trojan.Syndicasec Activity 5

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects Trojan.Syndicasec activity on an infected machine.

Additional Information

When the Trojan is executed, it creates the following files:

%System%\cryptbase.dll
%Temp%\gupdate.exe


The Trojan then gathers the following information from the compromised computer:

Host name
MAC address
OS version


It sends the above information to the following locations:

[http://]lob131313.skyrock.com/rss[REMOVED]
[http://]lobsang362.wordpress.com/fe[REMOVED]
[http://]sugersuger.thoughts.com/fe[REMOVED]


Next, the Trojan downloads JavaScript from one of the above locations and executes it.

Affected

  • All Windows platforms.