TrojanDownloader:Win32/Bubnix.A
First posted on 12 January 2010.
Source: SecurityHome
Aliases :
TrojanDownloader:Win32/Bubnix.A is also known as Packed.Win32.Krap.xq (Kaspersky), TR/Agent.X.407 (Avira), Trojan.Downloader.Bredolab.BU (BitDefender), Win32/Agent.QMR (ESET), Bredolab.gen.l (McAfee), TROJ_BUBNIX.B (Trend Micro).
Explanation :
TrojanDownloader:Win32/Bubnix.A is a trojan that downloads and executes other malware.
Installation
TrojanDownloader:Win32/Bubnix.A may be downloaded or dropped by other malware. It drops a copy of itself in the Windows Temporary Files folder using a randomly generated file name. To prevent several instances of itself from running in memory, it generates pseudo-randomly named mutexes and events.

Payload
Downloads other malware
TrojanDownloader:Win32/Bubnix.A attempts to connect to and download a rootkit trojan from any of the following IP addresses:
69.4.230.76
208.101.27.44
74.86.210.134

In the wild, this trojan has been known to download VirTool:Win32/Rootkit.BV. If the download is successful, it drops the downloaded rootkit as "<system folder>\driver\<random>.sys". It then registers the rootkit as a kernel driver service with the name "Boot Bus Extender".

Note - <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
Analysis by Rodel Finones
Last update 12 January 2010
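A host check built from the indicators in the description above, as an added example that is not part of the original analysis. It assumes a system with PowerShell 3.0 or later and the `Get-NetTCPConnection` cmdlet (Windows 8 / Server 2012 onward); the function names `Resolve-DriverPath` and `Test-BubnixDriver` are hypothetical, and the service name, drop path and IP addresses are taken from the text.

```powershell
# Added example. Indicator values are copied from the description above.
$ServiceName = 'Boot Bus Extender'
$RemoteIPs   = '69.4.230.76', '208.101.27.44', '74.86.210.134'

# <system folder>\driver\ as written in the description (e.g. C:\Windows\System32\driver\).
$DropPrefix = (Join-Path ([Environment]::SystemDirectory) 'driver') + '\'

function Resolve-DriverPath {
    param([string]$PathName)
    if (-not $PathName) { return '' }
    # Driver image paths may appear as \??\C:\..., \SystemRoot\..., or relative to %SystemRoot%.
    $p = $PathName -replace '^\\\?\?\\', '' -replace '^\\?SystemRoot\\', ''
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Test-BubnixDriver {
    param($Driver)
    $path    = Resolve-DriverPath $Driver.PathName
    # Match on the registered service name or display name.
    $nameHit = $ServiceName -in @($Driver.Name, $Driver.DisplayName)
    # Match any .sys image located under the described drop folder.
    $pathHit = $path.StartsWith($DropPrefix, [StringComparison]::OrdinalIgnoreCase) -and
               $path.EndsWith('.sys', [StringComparison]::OrdinalIgnoreCase)
    return ($nameHit -or $pathHit)
}

# Kernel driver services that match the described name or drop location.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { Test-BubnixDriver $_ } |
    Select-Object Name, DisplayName, State, StartMode, PathName

# TCP connections whose remote endpoint is one of the listed download hosts.
Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $RemoteIPs -contains $_.RemoteAddress } |
    Select-Object RemoteAddress, RemotePort, State, OwningProcess
```

Because the downloaded component is a kernel rootkit, it may hide its own driver entry from a live query, so an empty result is not proof of a clean host.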