GiftCom
GiftCom is an Internet worm that spreads to other PCs through unpatched security vulnerabilities and via instant messages using popular chat applications including ICQ, AIM, MSN Messenger and Yahoo! Messenger. It sends bogus messages containing links to malicious files to all the contacts in the victim's buddy list. Once the user follows such a link, GiftCom is silently downloaded and installed on the computer. The worm comes with a rootkit that hides all harmful processes and files from most antivirus tools.

GiftCom's payload comprises several malicious functions. First of all, the worm disables some essential Windows components and terminates running antivirus and security-related applications. Then it runs a backdoor component, which provides the attacker with unauthorized remote access to the compromised PC. The intruder can log user keystrokes, set up a hidden FTP server, intercept network and Internet traffic, contact specified web resources and steal sensitive user information. GiftCom can also change the web browser's default home page and download a variant of the Sdbot worm. The threat automatically runs as a service on every Windows startup.
File System Modifications
- The following files were created in the system:
| # | File Name  |
|---|------------|
| 1 | winrpc.exe |
Registry Modifications
- The following Registry values were newly created:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\EnableDCOM=n
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotAllowXPSP2=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Start=4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Start=4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Start=4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winrpc
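To triage a host offline, the registry changes listed above can be checked against a `reg export` text file. The following is an added example, not part of the original write-up; the function names and the sample export are constructed for illustration, and the export is assumed to be already decoded to text.

```python
import re

HKLM = "HKEY_LOCAL_MACHINE"
SVC = HKLM + r"\SYSTEM\CurrentControlSet\Services"
# (key, value name, data) as listed on this page; None means "key exists".
INDICATORS = [
    (HKLM + r"\SOFTWARE\Microsoft\Ole", "EnableDCOM", "n"),
    (HKLM + r"\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate", "DoNotAllowXPSP2", "1"),
    (HKLM + r"\SYSTEM\CurrentControlSet\Control\Lsa", "RestrictAnonymous", "1"),
    (SVC + r"\Messenger", "Start", "4"),
    (SVC + r"\RemoteRegistry", "Start", "4"),
    (SVC + r"\TlntSvr", "Start", "4"),
    (SVC + r"\winrpc", None, None),
]

def parse_reg_export(text):
    """Return {key_lower: {value_name_lower: data_as_string}} from .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and current is not None:
            raw = m.group(2)
            # REG_DWORD is exported as hex ("dword:00000004"); strings are quoted.
            data = str(int(raw[6:], 16)) if raw.startswith("dword:") else raw.strip('"')
            current[m.group(1).lower()] = data
    return keys

def find_indicators(text):
    """Return the indicators from INDICATORS that are present in the export."""
    keys, hits = parse_reg_export(text), []
    for key, name, data in INDICATORS:
        values = keys.get(key.lower())
        if values is not None and (name is None or values.get(name.lower(), "").lower() == data):
            hits.append(key if name is None else f"{key}\\{name}={data}")
    return hits

# Constructed sample export fragment (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winrpc]
"Start"=dword:00000002
'''
```

Several of these values, such as `RestrictAnonymous=1` or a disabled `RemoteRegistry` service, are also set by ordinary hardening, so a single hit is weak evidence. The `winrpc` service key together with the `winrpc.exe` file is the more specific signal.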