
Backdoor.Vinself.C


First posted on 23 October 2014.
Source: Symantec

Aliases :

There are no other names known for Backdoor.Vinself.C.

Explanation :

When the Trojan is executed, it creates the following file:
%UserProfile%\Application Data\wbt.dat
The Trojan opens a back door on the compromised computer, and connects to one of the following domains:
[http://]adda.lengendport.com
[http://]auty.organiccrap.com
[http://]nunok.ninth.biz
[http://]pure.mypop3.org
[http://]tsl.gettrials.com
The Trojan will contact the domain and parse the HTML output for commands.

The Trojan may perform the following actions:
Execute shell commands
Read files
Write to files
Write to %UserProfile%\Application Data\wbt.dat
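
For defenders, the domains listed above can be matched against DNS or proxy logs. The following is an added example, not part of the original Symantec writeup; the three-field log format and the sample lines are constructed, and the function names are illustrative.

```python
from urllib.parse import urlsplit

# C2 hostnames exactly as listed in this writeup.
C2_HOSTS = {
    "adda.lengendport.com",
    "auty.organiccrap.com",
    "nunok.ninth.biz",
    "pure.mypop3.org",
    "tsl.gettrials.com",
}

# Constructed sample log (assumed format: timestamp, client IP, destination).
SAMPLE_LOG = """\
2014-10-23T09:14:02Z 10.0.0.5 www.example.com
2014-10-23T09:14:07Z 10.0.0.5 http://ADDA.lengendport.com/index.html
2014-10-23T09:15:11Z 10.0.0.9 notadda.lengendport.com
2014-10-23T09:15:40Z 10.0.0.9 nunok.ninth.biz.
2014-10-23T09:16:02Z 10.0.0.7 hxxp://tsl[.]gettrials[.]com/
"""

def normalize_host(value):
    """Reduce a URL, defanged URL or bare name to a lowercase hostname."""
    v = value.strip().replace("[.]", ".").replace("[", "").replace("]", "")
    if v.lower().startswith("hxxp"):
        v = "http" + v[4:]
    if "://" not in v:
        v = "//" + v  # lets urlsplit treat a bare name as the network location
    return (urlsplit(v).hostname or "").rstrip(".")

def is_c2(host):
    """Match a listed host or a subdomain of it, never a mere suffix overlap."""
    return host in C2_HOSTS or any(host.endswith("." + h) for h in C2_HOSTS)

def find_c2_contacts(log_text):
    """Return (line_number, client, host) for each line whose destination is listed."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 3:
            continue  # skip blank or malformed lines
        host = normalize_host(fields[-1])
        if is_c2(host):
            hits.append((number, fields[1], host))
    return hits

if __name__ == "__main__":
    for number, client, host in find_c2_contacts(SAMPLE_LOG):
        print(f"line {number}: {client} contacted {host}")
```

A client that shows up in the results is a candidate for checking whether %UserProfile%\Application Data\wbt.dat exists on that machine.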

Last update 23 October 2014

 
