System Infected: Backdoor.Vertexbot Activity 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects malicious activity performed by the Vertexbot backdoor.

Additional Information

The bot connects to an HTTP command-and-control server and uploads stolen information. This stolen information consists of:
* IP
* Computer name
* Country
* Idle time

On receiving commands from the server, the bot can perform the following activities:
* Execute a command
* List all running processes
* Send a message to the screen
* Terminate the process
* List loaded modules
* Start a keylogger which logs data to "%TEMP%\vnlogs.log"
* Retrieve the keylogged data
* Uninstall itself
* Download a URL to a file and execute this file
* Perform an HTTP denial of service attack
* Create a remote shell
* Open a URL


