TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
TROJ_MEDBOT.AI
Overview
Solution

Malware type: Trojan

Aliases: Trojan-Proxy.Win32.Horst.za (Kaspersky), Trojan.Lootseek.AV (Symantec), TR/Proxy.Horst.Gen (Avira), Mal/Horst-E (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 Low

Description: 

NOTE: This Trojan is part of a complex attack initiated by the MEDBOT family. The attack employs multiple components that work together to achieve a common goal. Read a comprehensive description of the malware family here: The MEDBOT Menace.

This Trojan usually arrives on a system as a dropped or downloaded file of other malware from a remote site.

Upon execution, it drops files in the Windows system and Windows folders. It creates a certain registry entry so that it automatically executes at every system startup.

It acts as a proxy server that opens a random port, where it listens for commands from remote malicious users. As a proxy server, it allows the malicious users to hide their original location since connections can only be traced to the system where this Trojan is installed.

For additional information about this threat, see:
Solution
Technical Details

Description created: Sep. 13, 2006 8:36:10 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.