
System Infected: Typideg Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects activity of Backdoor.Typideg.

Additional Information

When the Trojan is executed, it may create the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"conime" = "[THREAT PATH]"

Note: [THREAT PATH] indicates that the path can be anywhere the threat is run from.

The Trojan opens a back door on the compromised computer, and connects to one of the following URLs:
[http://]98.188.111.244/home/inde[REMOVED]
[http://]wwap.publiclol.com/home/inde[REMOVED]
[http://]59.0.249.11/home/inde[REMOVED]
[http://]198.209.212.82/home/inde[REMOVED]

The Trojan may perform the following actions:
Download and execute remote files
Upload files from the compromised computer
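
The two indicators the write-up gives in full, the `conime` Run value and the four command-and-control hosts, are enough for a quick hunt on a suspect host or in proxy logs. The following is an added example, not Symantec code: it checks a Run-key dump for the persistence value and scans log lines for the C2 hosts. Because the URL path is truncated on the page (`/home/inde[REMOVED]`), the network check matches on host and IP only, so hits are leads to confirm rather than verdicts. The Run entries and proxy lines embedded below are constructed sample data so the script runs offline; on Windows it reads the live HKCU Run key instead.

```python
"""Hunt for the Backdoor.Typideg indicators listed on this page.

Added example, not Symantec code. Indicators: the HKCU Run value named
"conime" and the four C2 hosts/IPs. The C2 URL path is truncated in the
write-up, so network matching is on host only (may over-match).
"""
import sys
from typing import Dict, Iterable, List, Tuple

# Indicators taken from the write-up above.
RUN_VALUE_NAME = "conime"
C2_HOSTS = {
    "98.188.111.244",
    "wwap.publiclol.com",
    "59.0.249.11",
    "198.209.212.82",
}
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"


def check_run_entries(entries: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (value name, value data) pairs matching the Typideg persistence value.

    `entries` maps value name -> value data for HKCU\\...\\Run. Registry value
    names are case-insensitive, so the comparison is too. The data is returned
    so the analyst can see where [THREAT PATH] points on this host.
    """
    return [(name, data) for name, data in entries.items()
            if name.lower() == RUN_VALUE_NAME]


def read_hkcu_run() -> Dict[str, str]:
    """Read the live HKCU Run key on Windows; return {} on other platforms."""
    if sys.platform != "win32":
        return {}
    import winreg  # standard library, Windows only
    out: Dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Software\Microsoft\Windows\CurrentVersion\Run") as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:  # no more values
                break
            out[name] = str(data)
            index += 1
    return out


def hosts_in_line(line: str) -> List[str]:
    """Extract host-like tokens from a log line: strip scheme, port and path."""
    hosts = []
    for tok in line.split():
        tok = tok.lower()
        for prefix in ("http://", "https://"):
            if tok.startswith(prefix):
                tok = tok[len(prefix):]
        host = tok.split("/", 1)[0].split(":", 1)[0]
        if host:
            hosts.append(host)
    return hosts


def check_proxy_lines(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (matched C2 host, log line) for lines referencing a Typideg C2 host."""
    hits = []
    for line in lines:
        for host in hosts_in_line(line):
            if host in C2_HOSTS:
                hits.append((host, line.rstrip()))
                break
    return hits


# Constructed sample data for a stand-alone run (not from a real incident).
SAMPLE_RUN_ENTRIES = {
    "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
    "conime": r"C:\Users\alice\AppData\Roaming\conime.exe",
}
SAMPLE_PROXY_LINES = [
    "2024-01-10 09:12:01 10.0.0.5 GET http://www.example.com/index.html 200",
    "2024-01-10 09:12:07 10.0.0.5 GET http://wwap.publiclol.com/ 200",
    "2024-01-10 09:12:09 10.0.0.5 GET http://198.209.212.82:8080/ 200",
]

if __name__ == "__main__":
    entries = read_hkcu_run() or SAMPLE_RUN_ENTRIES
    for name, data in check_run_entries(entries):
        print(f"[!] {RUN_KEY}\\{name} = {data}")
    for host, line in check_proxy_lines(SAMPLE_PROXY_LINES):
        print(f"[!] C2 host {host}: {line}")
```

The value name borrows the name of the Windows console IME binary (conime.exe), so a hit on the name alone is not proof; check that the data points to the legitimate binary's location before deciding, and pivot on the resolved `[THREAT PATH]` for file and prefetch evidence.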

Affected

  • Windows