Backdoor.Rarstone
First posted on 09 October 2015.
Source: Symantec
Aliases:
There are no other names known for Backdoor.Rarstone.
Explanation:
Once executed, the Trojan creates the following files:
%CurrentFolder%\mshtml.dat
%System%\msictl.exe
The Trojan creates the following registry entry so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"msisvc" = ""%System%\msictl.exe" -rpcss"
The Trojan then opens a back door on the compromised computer and connects to the following command-and-control (C&C) server:
free.googlenow.in/tag=info&id=15
The Trojan may then download potentially malicious files onto the compromised computer.
Last update 09 October 2015