This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signautre detects W32.Extrat trojan activity on infected system.
The worm is related to the following remote access tools (RATs):
When the worm is executed, it creates the following file:
The worm opens a back door on the compromised computer, allowing an attacker to perform the following actions:
Steal stored passwords
Activate and view a webcam
Create an HTTP proxy
Connect to a control server on TCP
The worm may inject itself into iexplore.exe, or any customizable process.
- Various versions of Windows