This Trojan was a bitch, called Trojan.Badlib. Created to infect computers, when it entered into the computer system so he would react differently. First Trojan.Badlibakan parent tries target computer (C & C), and look what the command will be done. Trojan.Badlib will find a list of IP that are in the main list.

When the first time the parent computer (C & C) was found and send a reply to his job. Trojan.Badlib will download other malware from multiple places that have been ruled by the C & C, and sends the digital signature to ensure the file is retrieved it is true according to his duty.

According to Symantec, Trojan.Badlib attract at least three other trojans is Trojan.Badfaker, Trojan.Badminer, and Infostealer.Badface.

What are the jobs to the 3 trojans taken by Trojan.Badlib

Trojan.Badfaker have to shut down antivirus functions can already infiltrated inside the computer. This Trojan will change the boot the computer into Safe Mode when the computer began to start.

Then delete the files associated with antivirus and antivirus to make it look to duplicate the icon on the computer screen. As if computer owners will still see that the antivirus is still running. Though already been modified by Trojan.Badfaker. Another task is to turn off the firewall and the warnings from the Microsoft Security Center. At the end of the story, this trojan will display false warnings in Russian and English.

Trojan.Badminer using GPU capabilities of the infected computer to mine BitCoins. (This one is not clear to what)

Infostealer.Badface has a duty to steal personal data. From the popular social network login and create a local web server to redirect the destination site. Once logged obtained then these trojan will send to C & C. Later can be utilized for other purposes, can be sold on the black market or to hijack the social networking accounts.

All of the above malware deliberately look for activities in the world of cyber theft.

One Response to “Beware Trojan.Badlib”