Trojan.WinLNK.Runner

Trojan.WinLNK.Runner is the definition of a (backdoor) Trojan. Its first known detection so far, dates back to December 9th, 2011, according to McAfee Labs.[1] There are several variants of this malware so far, like (i.e.) Trojan.WinLNK.Runner.ea or Trojan.WinLNK.Runner.jo, and many more. This Trojan does not self-replicate.

The LNK-extension shortcuts itself to a folder, file or a program and launches mostly a malicious executable. Usually these files are then used by worms to spread via USB or other external drives.[2] Distribution channels may include email, malicious and/or hacked Web pages, (IRC), peer-to-peer networks and several others. Some examples of executable file locations: [3]

RECYCLER\0xD80A89C7.exe
RECYCLER\37e32d80.scr
Trashes\b3fdadef.com
Trashes\e2a38afd.pif

Top 5 countries Attacked in 2016

India 18.36 %
Vietnam 13.67 %
Mexico 4.39 %
Algeria 4.27 %
Russia 3.79 % [2]

Other aliases

W32/IRCBot.gen (McAfee)[1]
Worm:Win32/Dorkbot!lnk OR
Worm:Win32/Vermis.gen!lnk (Microsoft) & Ikarus [3]
LNK/AutoRun (Fortinet)

External links

Analysis of a file at VirusTotal

References

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[autogenerated2-1] W32/IRCBot.gen.bs!lnk - Malware - McAfee Labs Threat Center

[autogenerated1-2] Kaspersky Threats — TROJAN.WINLNK.RUNNER

[autogenerated3-3] Worm:Win32/Vermis.gen!lnk

Trojan.WinLNK.Runner

Top 5 countries Attacked in 2016

Other aliases

See also

External links

References