Once executed, this Trojan attempts to connect to a remote server. Once connected, it acts as a proxy server and enables the sending of e-mail messages using the infected system.

Some of the remote servers it may connect to are as follows:

• cna.secdep.info
• cnb.secdep.info
• gl.secdep.info

This Trojan has a stealth feature that hides the following files if they are present in the Windows system directory:

• koos.exe
• kprof.exe
• poof.exe
  

Last update 20 June 2007

 

TOP