Tuesday, November 13, 2012

New Windows Trojan - Trojan.Gapz.1


Trojan.Gapz.1 is a bootkit with the ability to hide its presence on an infected system. The application uses fairly interesting mechanisms to infect computers.

Trojan.Gapz.1 can run on both 32-bit and 64-bit versions of Windows. The installation procedure of the malicious program varies depending on the platform. The Trojan can also actively exploit vulnerabilities in a number of system components, which allows it to execute specially crafted code.

The bootkit's installer attempts to bypass User Account Control (UAC), which prevents unauthorized launching of executable files on the system, by exploiting vulnerabilities in Windows graphics components.

Trojan.Gapz.1 then analyzes the structure of the infected computer's hard drive, creates a special image, and places it in reserved sectors of the disk. The Trojan modifies one field in the disk's boot sector, which causes the boot loader to load and run the malicious application.
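
The paragraph above says one boot-sector field is changed but does not name it. As an added example (not code from the original post), this Python check assumes the field is the BPB hidden-sectors value of an NTFS boot sector and reports volumes where it disagrees with the partition start recorded in the MBR; the disk image and all function names are constructed for illustration.

```python
import struct

SECTOR = 512
SIG = b"\x55\xaa"

def build_sample_disk(hidden_in_vbr, start_lba=2048):
    """Constructed sample image: an MBR with one NTFS partition and its boot sector."""
    disk = bytearray(SECTOR * (start_lba + 1))
    # Partition entry 0: status, CHS, type 0x07, CHS, start LBA, sector count
    struct.pack_into("<B3sB3sII", disk, 446, 0x80, b"", 0x07, b"", start_lba, 4096)
    disk[510:512] = SIG
    vbr = start_lba * SECTOR
    disk[vbr + 3:vbr + 11] = b"NTFS    "                   # OEM ID
    struct.pack_into("<H", disk, vbr + 0x0B, SECTOR)        # bytes per sector
    struct.pack_into("<I", disk, vbr + 0x1C, hidden_in_vbr) # BPB hidden sectors
    disk[vbr + 510:vbr + 512] = SIG
    return bytes(disk)

def check_boot_sectors(disk):
    """Return (partition index, MBR start LBA, BPB hidden sectors) for each mismatch."""
    if disk[510:512] != SIG:
        raise ValueError("no MBR signature")
    findings = []
    for i in range(4):
        entry = disk[446 + 16 * i:446 + 16 * (i + 1)]
        ptype = entry[4]
        (start_lba,) = struct.unpack_from("<I", entry, 8)
        # Skip empty, extended and GPT-protective entries: the comparison
        # below only holds for primary partitions on an MBR disk.
        if ptype in (0x00, 0x05, 0x0F, 0xEE):
            continue
        vbr = disk[start_lba * SECTOR:(start_lba + 1) * SECTOR]
        if len(vbr) < SECTOR or vbr[510:512] != SIG:
            continue  # boot sector missing or unreadable
        if vbr[3:11] != b"NTFS    ":
            continue  # assumption: only NTFS boot sectors are checked
        (hidden,) = struct.unpack_from("<I", vbr, 0x1C)
        # On a clean primary partition the hidden-sectors value equals
        # the partition's starting LBA from the partition table.
        if hidden != start_lba:
            findings.append((i, start_lba, hidden))
    return findings

if __name__ == "__main__":
    for label, hidden in (("clean", 2048), ("tampered", 100)):
        print(label, check_boot_sectors(build_sample_disk(hidden)))
```

Run it against a raw image taken offline, since a running rootkit that hides its presence may return clean sectors to reads made from the infected system.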


The Trojan.Gapz.1 rootkit is the core of a complex malicious program; its purpose is to create an environment into which the Trojan loads its other components. On launch, Trojan.Gapz.1 loads a binary image from the disk that contains a set of several modules and configuration data. These modules are blocks of specially assembled code that interact with the rootkit's own API as they run. One of the modules can connect to a remote command center and download executable files from there. A download of a malicious application designed to work with the UCash payment system has been recorded.

Links:
 http://malwarelist.wordpress.com/2012/09/09/rootkit-program-to-hide-the-traces/
 http://itsecuritynews.blog.com/trojan-gapz-1-infects-windows/
