
Trojan:Win32/Conedex.B


First posted on 21 February 2012.
Source: Microsoft

Aliases:

Trojan:Win32/Conedex.B is also known as Trojan.Redirector.JS.BF (BitDefender), TROJ_AGENT.CHO (Trend Micro).

Explanation:

Trojan:Win32/Conedex.B is an obfuscated executable file that contains an embedded malicious script. The script redirects Internet search queries and sends user data to a remote server. The payload of the embedded script may change among variations of the trojan.

Installation
This trojan may be installed by other malware. When run, it executes its related payload.

Payload
Redirects Internet search query results
When Trojan:Win32/Conedex.B executes, it extracts and runs a script that compares the names of visited domains with the following list:

  • www.google.com
  • www.bing.com
  • search.icq.com
  • search.yahoo
  • .ask.com
  • search.aol.com
If any of the above names match, the trojan redirects the search results to another domain.

The trojan sends the following details about the affected computer to a remote host using HTTP:
  • computer ID
  • operating system version
The trojan may send the same information to a server with IP address 176.<removed>.17.20.

Analysis by Marianne Mallen

Last update 21 February 2012

 
