Yeaknet

Posted: March 28, 2006

Yeaknet is a dialer that connects a compromised PC to the Internet by dialing a high-cost phone number using a modem. The threat silently contacts remote web servers and receives additional components and instructions that provide access to pornographic Internet resources. Yeaknet also changes the Internet Explorer default home page and alters web browser's essential security settings. The dialer can get into the computer while visiting some web sites. However, the user must agree to the installation.

File System Modifications

The following files were created in the system:

# File Name

1 a516_638_7_ax.exe

2 rasphone.pbk

#	File Name
1	a516_638_7_ax.exe
2	rasphone.pbk

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainStartPage=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternetSettingsoneMapDomainsyeak.netHKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternetSettingsones2Flags=43

Yeaknet

File System Modifications

Registry Modifications

Leave a Reply