Currently Trojan.Oficla Oficla (also known as myLoader) spread with spam or exploit browser vulnerabilities to get into a system. It is likely that in the future cyber-criminals will come to use other channels for spreading the malware to infect as many machines as possible.
Besides, various modifications of this Trojan horse are offered for sale to other criminals on special web-sites at a price ranging from $450 to $700.
With Trojan.Oficla a criminal can create a botnet of his own and there are already confirmed instances of detections of installed botnet administration modules on various sites.
ПOnce the system is infected, owners of the botnet formed using Trojan.Oficla gain control over the compromised machine. In particular they can download, install and run any other malicious program in the system.
Trojan.Oficla can also bypass popular firewalls and evade detection by anti-viruses. The program can use the winword.exe file for this purpose if Microsoft Word is installed in the system. Trojan.Oficla Oficla uses this process to hide its presence in the system and complicates the system’s analysis. If MS Word is not installed on the computer, Trojan.Oficla injects its code into the svchost.exe process.
Doctor Web’s virus analysts monitor spreading of malicious programs belonging to the Trojan.Oficla family. Users of Dr.Web products are recommended to enable automatic updating of virus databases and anti-virus components and perform regular scans of disks in protected systems to prevent their infection by such malicious programs.
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.