
System Infected: Backdoor.Hugly Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects Backdoor.Hugly activity on the compromised computer.

Additional Information

When the Trojan is executed, it creates a mutex to ensure it is the only copy of itself running on the compromised computer.

Then it drops and executes the following files:

%ProgramFiles%\[CHINESE CHARACTERS].hwp
%ProgramFiles%\Common Files\config.exe


Next, the Trojan injects code into the following file before executing it:
calc.exe

The Trojan then deletes the following file:
%CurrentFolder%\[SAMPLE_NAME].exe

It then drops the following file:
%ProgramFiles%\Windows NT\hyper.dll
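
A host triage check for the file and process artifacts listed above, as an added PowerShell example that is not part of the Symantec write-up. It assumes both Program Files roots should be searched and that any .hwp file directly under them is worth reporting; `Get-FileRecord` is a helper name introduced here.

```powershell
# Added triage example: paths come from the advisory text above.
# Assumption: on 64-bit Windows a 32-bit sample writes under "Program Files (x86)",
# so both Program Files roots are checked.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique
$relative = 'Common Files\config.exe', 'Windows NT\hyper.dll'

# Hypothetical helper: collect timestamp, hash and signature status for one file.
function Get-FileRecord([string]$Path) {
    $item = Get-Item -LiteralPath $Path -Force
    [pscustomobject]@{
        Path      = $Path
        Created   = $item.CreationTimeUtc
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signature = (Get-AuthenticodeSignature -LiteralPath $Path).Status
    }
}

$fileHits = foreach ($root in $roots) {
    foreach ($rel in $relative) {
        $candidate = Join-Path $root $rel
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { Get-FileRecord $candidate }
    }
    # The .hwp file's name is not given in the advisory, so report every
    # .hwp file sitting directly in the Program Files root.
    Get-ChildItem -LiteralPath $root -Filter '*.hwp' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-FileRecord $_.FullName }
}

# calc.exe is the injection target: list each instance with its parent process.
$calcProcs = Get-CimInstance Win32_Process -Filter "Name = 'calc.exe'" |
    ForEach-Object {
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
        [pscustomobject]@{
            ProcessId  = $_.ProcessId
            Path       = $_.ExecutablePath
            ParentPid  = $_.ParentProcessId
            ParentName = $parent.Name
            ParentPath = $parent.ExecutablePath
        }
    }

$fileHits  | Format-List
$calcProcs | Format-Table -AutoSize
```

Any file hit, or a calc.exe instance that no user opened or whose parent is missing or unexpected, is a reason to isolate the host and collect the listed files for analysis.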

Affected

  • Windows 2000, Windows 7, Windows NT, Windows Vista, Windows XP