The Trojan is usually manually installed or executed on the affected computer.
When the Trojan is executed, it connects to the following remote location:
18.104.22.168: 59871 (TCP)
The Trojan may then perform the following activities:
- Send CPU and network information to a remote location
- Use the compromised computer to conduct distributed denial-of-service attacks.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":