Home / malware Trojan.Nbot
First posted on 10 March 2015.
Source: SymantecAliases :
There are no other names known for Trojan.Nbot.
Explanation :
Once executed, the Trojan injects code into the following process to hide the infection:
svchost.exe
The Trojan also deletes the original dropper to hide its presence ion the compromised computer:
Next, the Trojan connects to one or more of the following remote locations:
[http://]callientefever.info/img/new/ref[REMOVED][http://]callientefever.info/img/new/[REMOVED]
The Trojan may then perform the following actions on the compromised computer:
Perform DDoS attacksRead configuration data from the browserUse the user agent string "Mozilla/4.0"Upload data to a remote locationLast update 10 March 2015
