The Trojan searches for routers by reading the following file name:
The Trojan attempts to brute-force the routers using commonly used usernames and passwords.
The Trojan may connect to one of the following servers:
- 220.127.116.11, port 53
- 18.104.22.168, port 5
The Trojan may accept the following commands from the remote server:
The Trojan may steal system information from the following location and send it to a remote server:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":