This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects traffic generated by Trojan.Litagody, which may compromise the target host.
This Trojan may be downloaded from malicious websites that exploit the following vulnerabilities:
- Adobe Acrobat and Reader Multiple Arbitrary Code Execution and Security Vulnerabilities (BID 27641)
- Adobe Acrobat, Reader, and Flash CVE-2010-3654 Remote Code Execution Vulnerability (BID 44504)
When the Trojan is executed, it creates the following mutex:
The Trojan then gathers information about the compromised computer, such as running processes and installed software.
It sends this information using a POST request to one of the following locations:
The Trojan then downloads an update of itself as an encrypted DLL and registers it as a service.
- Windows 2000, Windows Server 2003, Windows Vista, Windows XP