System Infected: Trojan.Cridex Activity 15

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature attempts to detect W32.Cridex worm activity on the infected system.

Additional Information

When the worm is executed, it copies itself to the following location:
%UserProfile%\Application Data\[RANDOM CHARACTERS].exe

It then creates the following files:

%UserProfile%\Application Data\[RANDOM HEXADECIMAL NUMBER]\[RANDOM HEXADECIMAL NUMBER].DAT.DAT
%UserProfile%\Application Data\[RANDOM HEXADECIMAL NUMBER]\[RANDOM HEXADECIMAL NUMBER].DAT
%Temp%\POS[RANDOM HEXADECIMAL NUMBER].BAT
%System%\drivers\[RANDOM HEXADECIMAL NUMBER].sys
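
The file locations above can be turned into a triage check over a file listing from a suspect host. The following is an added example, not Symantec's detection logic; the regular expressions, the expansions chosen for %UserProfile%, %Temp% and %System%, and the sample paths are assumptions made for illustration.

```python
import re

# Assumptions, not from the advisory: the random names have no stated length,
# so any run of hex digits matches; %UserProfile%, %Temp% and %System% are
# matched by their usual expansions on Windows XP and later.
HEX = r"[0-9a-f]+"
APPDATA = (r"^[a-z]:\\(?:Documents and Settings|Users)\\[^\\]+"
           r"\\(?:Application Data|AppData\\Roaming)\\")
PATTERNS = [
    ("data file .DAT.DAT", APPDATA + HEX + r"\\" + HEX + r"\.dat\.dat$"),
    ("data file .DAT", APPDATA + HEX + r"\\" + HEX + r"\.dat$"),
    ("batch file in Temp", r"\\Temp\\POS" + HEX + r"\.bat$"),
    ("driver", r"\\System32\\drivers\\" + HEX + r"\.sys$"),
    # Weak on its own: any executable directly in the folder matches.
    ("self-copy (weak)", APPDATA + r"[^\\]+\.exe$"),
]
COMPILED = [(label, re.compile(rx, re.IGNORECASE)) for label, rx in PATTERNS]


def classify(path):
    """Return the label of the first pattern the path matches, else None."""
    for label, rx in COMPILED:
        if rx.search(path):
            return label
    return None


def hunt(paths):
    """Return (label, path) for every listed path that matches a pattern."""
    return [(label, p) for p in paths if (label := classify(p))]


# Constructed sample listing (e.g. output of `dir /s /b`); not real indicators.
SAMPLE = [
    r"C:\Documents and Settings\alice\Application Data\qwxyz.exe",
    r"C:\Documents and Settings\alice\Application Data\3F2A\9B1C.DAT.DAT",
    r"C:\Documents and Settings\alice\Application Data\3F2A\9B1C.DAT",
    r"C:\Documents and Settings\alice\Local Settings\Temp\POS4E7D.BAT",
    r"C:\WINDOWS\system32\drivers\0a1b2c3d.sys",
    r"C:\WINDOWS\system32\drivers\ntfs.sys",
    r"C:\Users\bob\AppData\Roaming\Vendor\app.exe",
]

if __name__ == "__main__":
    for label, path in hunt(SAMPLE):
        print(f"{label:20} {path}")
```

Hex-only names also occur in legitimate files (the stock floppy controller driver fdc.sys matches the driver pattern), so treat hits as leads to triage rather than verdicts.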

Affected

  • All Windows platforms