    News of a new botnet has been circulating recently in the threat landscape. According to reports, several systems have been infected by TROJ_DLOADE.ATJ, which has been built to download and install other malware. The Trojan does not, however, seem to have any distributed denial-of-service (DDoS) capability.

    This Trojan may be downloaded when users visit sites under the domain {BLOCKED} or {BLOCKED}. It may also download other malware from the said domain. Once installed, it attempts to connect to the command-and-control (C&C) server using TCP port 8090 to register itself and to wait for commands. It also has the capability to communicate with other bots via some kind of peer-to-peer (P2P) connection over ports 7000–7010. It also connects to specific malicious sites, which are currently inaccessible.
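
    The two network behaviours described above can be combined into a triage check over flow logs. This is an added example, not code from the original post or from Trend Micro; the log format, the IP addresses and the "high"/"review" labels are constructed assumptions, and only the port numbers come from the post.

```python
from collections import defaultdict

C2_PORT = 8090                 # TCP port the post names for C&C registration
P2P_PORTS = range(7000, 7011)  # 7000-7010, the bot-to-bot range in the post

# Constructed flow records (assumed format): "timestamp src dst proto dst_port"
SAMPLE_FLOWS = """\
2010-04-15T08:00:01 10.0.0.5 203.0.113.10 tcp 8090
2010-04-15T08:00:09 10.0.0.5 198.51.100.7 tcp 7003
2010-04-15T08:00:12 10.0.0.5 198.51.100.8 tcp 7010
2010-04-15T08:01:00 10.0.0.9 203.0.113.20 tcp 8090
2010-04-15T08:02:00 10.0.0.7 198.51.100.9 udp 7001
2010-04-15T08:03:00 10.0.0.8 192.0.2.44 tcp 443
malformed line
"""

def parse_flow(line):
    """Return (src, dst, proto, port), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdecimal():
        return None
    _, src, dst, proto, port = parts
    return src, dst, proto.lower(), int(port)

def triage(flow_text):
    """Map each source host to 'high' (both behaviours) or 'review' (one)."""
    c2 = defaultdict(set)   # src -> destinations contacted on TCP 8090
    p2p = defaultdict(set)  # src -> (dst, port) pairs in the 7000-7010 range
    for line in flow_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        src, dst, proto, port = rec
        if proto == "tcp" and port == C2_PORT:
            c2[src].add(dst)
        elif port in P2P_PORTS:
            # The post gives no transport for the P2P traffic, so accept any.
            p2p[src].add((dst, port))
    # Port 8090 alone is common for legitimate web services, so a single
    # indicator only earns 'review'; both together earn 'high'.
    return {h: "high" if h in c2 and h in p2p else "review"
            for h in set(c2) | set(p2p)}

if __name__ == "__main__":
    for host, level in sorted(triage(SAMPLE_FLOWS).items()):
        print(host, level)
```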

    Botnets have been dubbed the most prevalent and dangerous threats lurking on the Internet, as they can cause severe damage such as information theft and malware infections.

    Trend Micro™ Smart Protection Network™ already protects product users from this particular threat by blocking access to malicious sites and domains via the Web reputation service and by preventing the download and execution of TROJ_DLOADE.ATJ and other related malware on systems via the file reputation service.

    Update as of April 15, 2010, 4:40 p.m. (GMT +8:00):

    TROJ_DLOADE.ATJ is now detected by Trend Micro as BKDR_HELOAG.SM. It receives specific IP addresses and commands from a host bot.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice