The company «Doctor Web,” warned of spreading malware Trojan.Tenagour.9. This Trojan is an “advanced” tool for criminals engaged in DDoS-attacks on various Internet resources.
Trojan.Tenagour.9 consists of two components: the injector and the dynamic link library, which stores the payload. Once launched, the Trojan in the operating system checks its set up and, if absent, stored in a folder named smss.exe, then registers itself in the branches of the registry is responsible for automatically launching applications. then sends Trojan.Tenagour.9 to a remote command request to the server containing the data bit version and operating system, MD5-hash of the infected computer name and serial number of the first hard disk partition. In response, the Trojan gets the encrypted string containing the URL of the site, which will be carried out the attack, and some auxiliary parameters. In addition, from a remote command center can be obtained from the directive to update the Trojan. Trojan allows eight types of DDoS-attacks on a variety of Internet resources using the TCP / IP and UDP, the GET and POST. It also provides functionality to automatically add to the list of resources targeted by all the links found on the specified site by hackers.