This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects W64.Cridex malware activity on the infected machine.
The Trojan may arrive on the compromised computer after being downloaded by other threats.
When the Trojan is executed, it creates the following registry entry as binary data:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\[GUID]\ShellFolder\[NUMBER]=[ENCRYPTED BINARY DATA]
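A hunting check for the registry artifact described above, as an added example that is not part of the original signature description. It scans the text of a `reg export` of HKEY_CURRENT_USER (assumed already decoded to a string) for numeric-named REG_BINARY values under the `ShellFolder` key pattern; the function name and the sample export are constructed for illustration, and a hit is a lead for triage rather than confirmation of infection.

```python
import re

# Key path from the description above; [GUID] is matched as any brace-wrapped GUID.
KEY_RE = re.compile(
    r"^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion"
    r"\\Explorer\\CLSID\\\{[0-9A-Fa-f-]{36}\}\\ShellFolder$",
    re.IGNORECASE,
)
# In .reg syntax a bare "hex:" is REG_BINARY; hex(2), hex(7) etc. are other types.
VALUE_RE = re.compile(r'^"(\d+)"=hex:(.*)$')

# Constructed sample export (placeholder GUID and bytes, not real indicators).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{00000000-1111-2222-3333-444444444444}\ShellFolder]
"7"=hex:de,ad,be,ef,\
  01,02
"Attributes"=dword:f080004d

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"42"=hex:00,01
"""


def find_suspect_values(reg_text):
    """Return (key, value_name, byte_count) for each numeric-named
    REG_BINARY value under ...\\Explorer\\CLSID\\{GUID}\\ShellFolder."""
    # Long hex values are wrapped with a trailing backslash; rejoin them first.
    joined = re.sub(r"\\\r?\n[ \t]*", "", reg_text)
    hits, key = [], None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            # Track the current key only if it matches the described path.
            key = name if KEY_RE.match(name) else None
        elif key:
            m = VALUE_RE.match(line)
            if m:
                data = [b for b in m.group(2).split(",") if b]
                hits.append((key, m.group(1), len(data)))
    return hits


if __name__ == "__main__":
    for key, name, size in find_suspect_values(SAMPLE):
        print(f"{key}\\{name}: {size} bytes of binary data")
```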
The Trojan opens a back door on the compromised computer, and connects to one of the following locations:
The Trojan may send and receive data (including configuration files) to and from the previously mentioned locations.
The Trojan may perform the following actions:
- Steal information entered in forms
- Inject code into websites visited on the compromised computer
- Download other module components
The Trojan targets the following browsers:
- Various Windows platforms.