SecurityHome.eu Trojan:MSIL/Beyuwa.A

Home / malware PDF

Trojan:MSIL/Beyuwa.A

First posted on 26 May 2015.
Source: Microsoft
Aliases :
There are no other names known for Trojan:MSIL/Beyuwa.A.
Explanation :
Threat behavior

Installation

This threat can be dropped or downloaded by other malware.

This trojan attempts to download files from the Internet to connect to video URLs to increase the number of views of video URLs.

If successfully downloaded, this malware tries to download the files from the following URL:

http://80.242.123.211:888/nig.txt

http://80.242.123.211:888/refer.txt

Both nig.txt and refer.txt contain a list of video URLs.

This trojan connects to one of the video URLs from nig.txt and uses one of the video URLs in refer.txt as the HTTP referer.

This threat uses the following hard coded User-Agent in its HTTP Header when connecting to the video URLs:

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0

Payload

Increase video views

This threat attempts to increase the number of views of video URLs which can lead to the popularity of the video.

Symptoms

Alerts from your security software might be the only symptom.

Last update 26 May 2015

TOP

Malware :

Last 20

Family:

Trojan:MSIL/Beyuwa.A