The Trojan is downloaded from the Internet.
Whe the Trojan is executed, it connects to the following URL:
The Trojan may perform the following actions:
- Initiate designated denial-of-service (DDoS) attacks through UDP, TCP, GET, and POST methods
- Download and execute additional files
- Execute commands sent from the attacker
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":