
Win32/Spudrag (CA.com)


Description Published: August 1, 2005
Description Modified: August 2, 2005

Threat Assessment

Overall Risk: Very Low
Wild: Low
Destructiveness: Low
Pervasiveness: None

Type: Trojan
Category: Win32
Also known as DesktopHijack (McAfee), Trojan.Desktophijack.B (Symantec), Druogna (McAfee), Win32/Druogna.7168!Trojan, W32/FakeAlert.Z (F-Secure), Win32/Spudrag.6144!Trojan, Win32.Spudrag.A, Win32.Spudrag.B, Win32.Spudrag.C, Troj/Spyjack-A (Sophos), Troj/Spyjack-C (Sophos), Trojan.Win32.Agent.ff (Kaspersky), Trojan.Win32.Small.eu (Kaspersky), Trojan.Win32.Small.ev (Kaspersky)

Description

Win32/Spudrag is a family of trojans dropped by several Win32.Alemod variants to display a fake infection message. The message is intended to intimidate users into downloading a dubious 'spyware' scanning application.


Method of Infection
Several Alemod variants drop and execute a file, %System%\intel32.exe or %System%\intell32.exe, which displays a red alert icon in the system tray. This file may be detected as Win32.Spudrag by CA antivirus solutions. If the user hovers the mouse over the icon, it displays the following message:

"Your computer is infected!"

If the user right-clicks on the icon, it displays this message:

"Click here to protect your computer from spyware / virus threat."

Should the user left-click on the icon, the trojan launches the user's default Internet browser to display a particular webpage.

Alemod also modifies the registry so that this file is executed at each Windows start:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\intel32.exe = "%System%\intel32.exe"

or

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\intell32.exe = "%System%\intell32.exe"

For more information on Win32.Alemod variants that drop Win32.Spudrag, please see elsewhere in our encyclopedia:

Win32.Alemod.D
Win32.Alemod.E

Note: '%System%' is a variable location. The malware determines the location of the current System folder by querying the operating system. The default installation location for the System directory for Windows 2000 and NT is C:\Winnt\System32; for 95, 98 and ME is C:\Windows\System; and for XP is C:\Windows\System32.
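
The Run entries and the variable %System% location described above can be checked together. The following is an added example, not CA's code: it scans the text output of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` for the two indicators. The function names are hypothetical and the sample output is constructed.

```python
import ntpath
import re

# Indicators from the description above: the two dropped file names, which
# are also used as the Run value names.
SPUDRAG_NAMES = {"intel32.exe", "intell32.exe"}
# %System% varies by Windows version, so match on the folder name only.
SYSTEM_FOLDER_NAMES = {"system", "system32"}

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
EXE_PATH = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)

def parse_run_values(reg_query_output):
    """Yield (value name, data) for each value line in `reg query` text output."""
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m.group("name"), m.group("data").strip()

def find_spudrag_run_entries(reg_query_output):
    """Return (value name, path, verdict) for Run entries matching the indicators."""
    findings = []
    for name, data in parse_run_values(reg_query_output):
        m = EXE_PATH.match(data)
        path = m.group(1) if m else data  # drop quotes and command-line arguments
        base = ntpath.basename(path).lower()
        folder = ntpath.basename(ntpath.dirname(path)).lower()
        if base in SPUDRAG_NAMES and folder in SYSTEM_FOLDER_NAMES:
            findings.append((name, path, "match"))
        elif base in SPUDRAG_NAMES or name.lower() in SPUDRAG_NAMES:
            findings.append((name, path, "review"))  # right name, unexpected location
    return findings

# Constructed sample output, not taken from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    Example App    REG_SZ    "C:\Program Files\Example\app.exe" /tray
    intell32.exe    REG_SZ    C:\WINNT\System32\intell32.exe
    Updater    REG_SZ    "D:\Temp\intel32.exe"
"""

if __name__ == "__main__":
    for name, path, verdict in find_spudrag_run_entries(SAMPLE):
        print(f"{verdict:6} {name} -> {path}")
```

A "match" verdict means both the file name and the System folder agree with the description; "review" marks an entry that reuses one of the names from another location.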


More information on CA Virus Information Center
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43317
