Trojan:Win32/Bamital.A
First posted on 15 December 2009.
Source: SecurityHome
Aliases :
Trojan:Win32/Bamital.A is also known as Backdoor.Win32.Agent.andi (Kaspersky), Trojan.Bamital.Gen (VirusBuster), Win32/Agent.QJM (ESET).
Explanation :
Trojan:Win32/Bamital.A is a trojan often installed by other malware. It monitors and modifies Web search queries and displays advertisements. It is triggered when the browser is Internet Explorer, Opera, Firefox, Chrome, or Safari.
Installation :
Trojan:Win32/Bamital.A may arrive in the system with the following file names in the Windows system folder:
curslib.dll
kbdnet.dll
mscert.dll
msnetlib.dll
rdolib.dll
wincert.dll
winuid.dll
Payload :
Modifies browsing behavior
Trojan:Win32/Bamital.A patches and redirects the following functions of the Windows Socket module, which are used by the browser, to its malicious routine so it can monitor and modify Web search queries and offer its own online advertisements:
recv
WSASend
WSARecv
send
closesocket
WSAAsyncSelect
Connects to a remote server
Win32/Bamital.A may also send and download additional information from the following Web servers:
mynewworldorder.cn
search-nows.cn
wonder-how.cn
world1domination.co.cc
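One way to check a browser process for the Winsock patching described under Payload, added here as an example and not taken from the original analysis: compare each listed export's first bytes on disk with the same bytes in process memory and flag any that now jump outside the module. It assumes a 32-bit process and that the patch appears as a leading JMP rel32, which the page does not state; the function names, addresses and byte strings below are constructed for illustration.

```python
import struct

# Winsock exports the page lists as patched by Trojan:Win32/Bamital.A.
WATCHED = ("recv", "WSASend", "WSARecv", "send", "closesocket", "WSAAsyncSelect")

def jmp_target(code, addr):
    """Destination of a leading 32-bit JMP rel32 (opcode E9), else None."""
    if len(code) >= 5 and code[0] == 0xE9:
        (rel,) = struct.unpack_from("<i", code, 1)
        return (addr + 5 + rel) & 0xFFFFFFFF
    return None

def check_export(name, addr, disk, mem, base, size):
    """Classify one export from its on-disk and in-memory prologue bytes."""
    if mem == disk:
        return (name, "clean", None)
    target = jmp_target(mem, addr)
    if target is not None and not (base <= target < base + size):
        return (name, "redirected", target)   # jumps out of the Winsock module
    return (name, "modified", None)            # differs; needs manual review

def scan(exports, base, size):
    """exports: {name: (address, disk_bytes, memory_bytes)}; checks WATCHED only."""
    return [check_export(n, *exports[n], base, size) for n in WATCHED if n in exports]

def make_jmp(addr, dest):
    """Build constructed test bytes: JMP rel32 from addr to dest."""
    return b"\xE9" + struct.pack("<i", dest - (addr + 5))

# Constructed sample data (not taken from a real infection): module range,
# export addresses and a common 32-bit prologue (mov edi,edi / push ebp / mov ebp,esp).
BASE, SIZE = 0x71AB0000, 0x17000
PROLOGUE = bytes.fromhex("8bff558bec")
SAMPLE = {
    "recv": (0x71AB615A, PROLOGUE, make_jmp(0x71AB615A, 0x10001000)),
    "send": (0x71AB428A, PROLOGUE, PROLOGUE),
    "closesocket": (0x71AB9639, PROLOGUE, bytes.fromhex("8bff909090")),
    "connect": (0x71AB406A, PROLOGUE, make_jmp(0x71AB406A, 0x10002000)),
}

if __name__ == "__main__":
    for name, status, target in scan(SAMPLE, BASE, SIZE):
        print(name, status, hex(target) if target is not None else "")
```

A "modified" result is not proof of infection: security products and relocation fix-ups can also change in-memory bytes, so the redirect target's owning module should be identified before drawing a conclusion.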
Analysis by Jireh Sanico
Last update 15 December 2009