This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects Trojan.Dirtjump activity on a compromised machine.
The Trojan may arrive on the computer as a file with any of the following names:
It then creates the following file:
The Trojan also creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\[THREAT FILE NAME]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[THREAT FILE NAME]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[THREAT FILE NAME]
The Trojan then connects to a predetermined command and control server and downloads a list of URLs.
- Various Windows platforms