February 27, 2012
Trojan.Tenagour.9 consists of two components: the injector and the dynamic link library, which stores the payload. Once launched, the Trojan horse checks if its copy is already present in the system and if not, it saves its file as smss.exe, then adds its entry into the registry branch listing applications launched automatically.
Then Trojan.Tenagour.9 sends information about the OS version and type, computer name MD5-hash and the first partition's volume serial number to a remote server. A reply incorporates an encrypted string containing the URL of a target site and some auxiliary parameters. In addition, a remote command center may send an update command to the Trojan horse.
The Trojan horse uses GET and POST routines to mount 8 types of DDoS-attacks on a variety of Internet resources via TCP/IP and UDP. It can also add all links found on a targeted site to the list of target resources.
The Trojan horse's signature is added to the Dr.Web virus databases.
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.