TSPY_FITMU.B
October 09, 2012
ALIASES:
TrojanSpy:Win32/Fitmu.B (Microsoft)
PLATFORM:
Windows 2000, XP, Server 2003
OVERALL RISK RATING:
REPORTED INFECTION:
SYSTEM IMPACT RATING:
INFORMATION EXPOSURE:
Threat Type: Spyware
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
File Size:
251,392 bytes
File Type:
EXE
Memory Resident:
Yes
Initial Samples Received Date:
13 May 2010
Arrival Details
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Autostart Technique
This spyware adds the following registry entries to enable its automatic execution at every system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
sniffer = "{Malware Path and File Name}"
Other Details
This spyware connects to the following possibly malicious URL:
- http://{BLOCKED}a.com
- http://{BLOCKED}i.com