
DDoS:Win32/Nitol.B


First posted on 10 October 2012.
Source: Microsoft

Aliases :

There are no other names known for DDoS:Win32/Nitol.B.

Explanation :



DDoS:Win32/Nitol.B is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.

Installation

When executed, DDoS:Win32/Nitol.B copies itself to the <system folder> using a variable file name, for example: kkagks.exe

Note: <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder for Windows 2000 and NT is "C:\WinNT\System32"; and for XP, Vista, and 7 it is "C:\Windows\System32".

Payload

Contacts remote hosts

DDoS:Win32/Nitol.B may contact the following remote hosts:

  • huanjue6369029.gicp.net using port 1400
  • imddos.my03.com using port 9090


Commonly, malware may contact a remote host for the following purposes:

  • To confirm Internet connectivity
  • To report a new infection to its author
  • To receive configuration or other data
  • To download and execute arbitrary files (including updates or additional malware)
  • To receive instruction from a remote attacker
  • To upload data taken from the affected computer


This malware description was produced and published using our automated analysis system's examination of file SHA1 9efa2e4b63456a124160bb5867af1972a46cd40f.

Last update 10 October 2012

 
