New trojan Win32/Hexzone. AP spreads with great speed
April 27, 2009, 7:06 pm
The company`s specialists ESET warned of the proliferation of a global network of new Trojan programs Win32/Hexzone. AP. Malware detected by using technology for early detection of new threats ThreatSense. Net. Trojan communicates with command and control server using HTTP. Infected computer becomes part of virusopisatelyam control by bot-net, which can be used to send spam, DDoS-attacks and to download other malicious software. Win32/Hexzone. AP is packed with a standard packer that is used for harmless files. The program initiates multiple access GUI API, which can mislead the system of protection and virus expert, as such behavior is characteristic of a legitimate application. the source of Win32/Hexzone. AP is in the UK. In the same country, found the command and control server, which interact with the infected PC. However, both servers use the domain names registered in Russia. Specialists ESET has recorded cases where Hexzone. AP installed on your computer malicious software with Russian interface. The main function of this software - extortion. At this time, the Trojan program successfully detected heuristically methods. According to statistics ESET, the Trojan is not yet included in the twenty most common global threats. But just last week experts of the company recorded 140 thousand cases of detection of the threat on the Internet.