Lumension® Endpoint Intelligence Center


Overview

Threat Risk LOW
Destructivity MEDIUM
Payload Gives unauthorized access to computer.
Detection files published
Description created 10 Nov 2005 07:35:00
Description updated 10 Nov 2005 07:35:00
Malware type TROJAN
Alias Win32.Ryknos.A, Backdoor.Breplibot.B, Troj/Stinx-E
Spreading mechanism
Summary None

W32/Ryknos.A

Spreading

n/a

Payload Details

This backdoor trojan installs itself in the System directory of the affected computer, then connects to an IRC server and joins a specified channel. After announcing its presence this way, it allows an attacker to perform certain actions. Among the available commands, the attacker can retrieve system information about the infected computer and can upload, execute and delete files. The backdoor can also be directed to update itself by connecting to a specified website and downloading and executing the file it finds there.
It also attempts to add itself as a trusted process with the Windows Firewall.
This trojan is unusual in that it attempts to use the presence of Digital Rights Management (DRM) software to hide itself on the system. This software, developed by First 4 Internet, is distributed on some Sony BMG CD releases and can, in some circumstances, very successfully hide the presence of other software components. Instructions for uninstalling this software are available at: http://cp.sonybmg.com/xcp/english/updates.html

Analysis

n/a

Removal

The trojan was proactively detected using the Lumension Sandbox technology.


Last Updated: 12 Nov 2015 11:06:11