Trojan.Tenagour.9 helps attackers in DDoS attacks
Hello!
Warns about the spread of malware Trojan.Tenagour.9. This Trojan is an “advanced” tool for attackers who carry out DDoS attacks on various Internet resources.
Trojan.Tenagour.9 consists of two components: an injector and a dynamic library in which the payload is stored.
')
Once launched in the operating system, the Trojan checks for the presence of its installed copy and, if it does not exist, is saved to one of the folders under the name smss.exe, and then registers itself in the branch of the system registry responsible for automatically launching applications.
Then Trojan.Tenagour.9 sends to the remote command server a request containing data about the version and bitness of the operating system, the MD5 hash of the name of the infected computer and the serial number of the first partition of the hard disk.
In response, the Trojan receives an encrypted string containing the URL of the site on which the attack will be carried out, and several auxiliary parameters.
In addition, a directive to update the Trojan can be received from the remote command center.
The Trojan allows you to perform 8 types of DDoS attacks on various Internet resources using TCP / IP and UDP protocols, GET and POST methods.
It also provides the functionality of automatically adding to the list of attacked resources of all links found on the site specified by the attackers.
The signature of this threat has been added to Dr.Web virus databases.
Warns about the spread of malware Trojan.Tenagour.9. This Trojan is an “advanced” tool for attackers who carry out DDoS attacks on various Internet resources.
Trojan.Tenagour.9 consists of two components: an injector and a dynamic library in which the payload is stored.
')
Once launched in the operating system, the Trojan checks for the presence of its installed copy and, if it does not exist, is saved to one of the folders under the name smss.exe, and then registers itself in the branch of the system registry responsible for automatically launching applications.
Then Trojan.Tenagour.9 sends to the remote command server a request containing data about the version and bitness of the operating system, the MD5 hash of the name of the infected computer and the serial number of the first partition of the hard disk.
In response, the Trojan receives an encrypted string containing the URL of the site on which the attack will be carried out, and several auxiliary parameters.
In addition, a directive to update the Trojan can be received from the remote command center.
The Trojan allows you to perform 8 types of DDoS attacks on various Internet resources using TCP / IP and UDP protocols, GET and POST methods.
It also provides the functionality of automatically adding to the list of attacked resources of all links found on the site specified by the attackers.
The signature of this threat has been added to Dr.Web virus databases.
Source: https://habr.com/ru/post/138958/
All Articles