Cidra.D was discovered on 10th of March 2004. It's a trojan proxy, allowing
to use users' computers to relay information, i.e. unsolicited email.
Installation to system
The trojan will add an entry to the Windows registry aiming at being run every time
Windows starts. The key will be:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run\UsbD]
Which will point where the file is initially run from.
Spreading in
Cidra.D does not spread by itself. It was massively spammed.
Payload
It will relay connections though infected computers, giving its creator a
massively distributed distribution channel for spam and other content.
Detection for this malware was published on March 10th, 2004
in the following F-Secure Anti-Virus updates:
[FSAV_Database_Version]
Version=2004-03-10_02
Technical Details:
Ero Carrera, March 10th, 2004;
F-Secure Corporation
