F-Secure Malware Information Pages: Trojan-Downloader:W32/ConHook.APX

Summary

This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.

Details

Network Connections

Attempts to connect to:
- http://65.243.103.56/go/
- http://65.243.103.60/go/
- http://65.243.103.62/go/
- http://89.188.16.10/go/
- http://89.188.16.16/go/
- http://24.244.171.110/redirect/[...].php

Registry Modifications

Creates these keys:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
- HKCR\CLSID\...\InprocServer32
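The two registry locations above are the standard Browser Helper Object registration path, which is how this family gets Internet Explorer to load its DLL. The following audit script is an added example, not part of the F-Secure description: it enumerates every registered BHO, resolves each CLSID to the DLL named in its InprocServer32 key (the `...` placeholder above is the CLSID, found at runtime), and flags entries whose DLL is missing, unsigned, or stored somewhere legitimate software rarely uses. It assumes it is run in PowerShell on the Windows host being examined, with read access to HKLM and HKCR.

```powershell
# Added example (not F-Secure's code): audit Browser Helper Objects, the
# persistence point ConHook.APX registers, and resolve each one to its DLL.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# On 64-bit Windows a 32-bit BHO's class registration lives under Wow6432Node.
$clsidRoots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
)

function Resolve-BhoDll {
    param([string]$Clsid)
    # The (default) value of InprocServer32 names the DLL; it may use %SystemRoot% etc.
    foreach ($root in $clsidRoots) {
        $server = "$root\$Clsid\InprocServer32"
        if (Test-Path -Path $server) {
            $raw = (Get-ItemProperty -Path $server).'(default)'
            if ($raw) { return [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) }
        }
    }
    return $null
}

$findings = foreach ($root in $bhoRoots) {
    if (-not (Test-Path -Path $root)) { continue }
    foreach ($entry in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $clsid = $entry.PSChildName
        $dll   = Resolve-BhoDll -Clsid $clsid
        $flags = @()
        if (-not $dll) { $flags += 'no InprocServer32 path' }
        elseif (-not (Test-Path -LiteralPath $dll)) { $flags += 'DLL missing on disk' }
        else {
            $sig = Get-AuthenticodeSignature -FilePath $dll
            if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
            # BHOs installed by legitimate software usually live under Program Files.
            if ($dll -notmatch '^[A-Za-z]:\\Program Files') { $flags += 'unusual location' }
        }
        [PSCustomObject]@{ CLSID = $clsid; DLL = $dll; Flags = ($flags -join '; ') }
    }
}

# Entries with the most flags first; an empty Flags column means nothing stood out.
$findings | Sort-Object { $_.Flags.Length } -Descending | Format-Table -AutoSize
```

A flagged entry is a lead, not a verdict: compare the DLL against the vendor's signed copy and the network indicators listed above before removing it.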

Additional Details

Trojan-Downloader:W32/ConHook.APX captures keywords from searches and creates relevant popup windows and ads.
It may attempt to use its outbound connections to download additional malicious programs, or to send information.
ConHook.APX targets Web searches made on the following sites:
Trojan-Downloader.Win32.ConHook.apx is a component of Virtumonde.
Virtumonde (also known as Vundo) is adware that is heavily used to promote "rogue" applications.
See the Virtumonde description and the Rogue antispyware description for additional details.

F-Secure Corporation

Last Modified: September 16, 2008