
System Infected: Trojan.Eupuds Network Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects Trojan.Eupuds network activity.

Additional Information

When the Trojan is executed, it creates the following file:
%UserProfile%\Application Data\[RANDOM CHARACTERS].exe

Next, the Trojan creates the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS].exe" = "%UserProfile%\Application Data\[RANDOM CHARACTERS].exe"
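The file and registry entry described above share one random name, which gives a simple triage heuristic for Run keys collected from a host. The following is an added example, not Symantec's signature or code from the original page: it parses text from `reg query` and flags values whose name is `<x>.exe` and whose data points at `<x>.exe` directly inside the profile's Application Data folder. The function names, the sample output and the inclusion of `AppData\Roaming` are assumptions made for the example, and a match is a lead for review rather than confirmation of infection.

```python
import ntpath
import re

# Constructed sample (not from the advisory) of the text printed by:
#   reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    qzkvhtwe.exe    REG_SZ    C:\Documents and Settings\alice\Application Data\qzkvhtwe.exe
    updater.exe    REG_SZ    C:\Program Files\Vendor\updater.exe
    mxrpaoud.exe    REG_EXPAND_SZ    %UserProfile%\Application Data\mxrpaoud.exe
"""

VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$", re.MULTILINE)
# "Application Data" is the folder named in the advisory; AppData\Roaming is
# an assumption added here (the same folder on Windows Vista and later).
PROFILE_DIRS = ("\\application data", "\\appdata\\roaming")


def command_path(data):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    return data


def is_suspect(name, data):
    """True when a Run value has the shape described: '<x>.exe' = '<profile dir>\\<x>.exe'."""
    folder, filename = ntpath.split(command_path(data))
    return (
        name.lower().endswith(".exe")
        and filename.lower() == name.lower()
        and folder.lower().endswith(PROFILE_DIRS)
    )


def find_suspects(reg_query_text):
    """Parse reg query output and return (value name, path) pairs worth a closer look."""
    return [
        (m["name"], command_path(m["data"]))
        for m in VALUE_LINE.finditer(reg_query_text)
        if is_suspect(m["name"], m["data"])
    ]


if __name__ == "__main__":
    for name, path in find_suspects(SAMPLE):
        print(f"review: {name} -> {path}")
```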

The Trojan then monitors the following Web browsers to intercept and modify Web traffic:

Internet Explorer
Firefox
Chrome


Next, the Trojan steals account information for the following websites:

live.com
hotmail.com
facebook.com


The Trojan then sends this information to the following remote locations:


Affected

  • Windows