Trojan.Tenagour.9 helps attackers in DDoS attacks

    Hello!

    Warns of the spread of the Trojan.Tenagour.9 malware. This Trojan is an “advanced” tool for cybercriminals carrying out DDoS attacks on various Internet resources.

    Trojan.Tenagour.9 consists of two components: an injector and a dynamic library that stores the payload.

    After launching in the operating system, the Trojan checks for the presence of its installed copy and, if one is missing, it is saved in one of the folders under the name smss.exe, after which it registers itself in the branch of the system registry responsible for the automatic launch of applications.

    Then Trojan.Tenagour.9 sends a request to the remote command server containing information about the version and bit depth of the operating system, the MD5 hash of the name of the infected computer, and the serial number of the first partition of the hard disk.

    In response, the Trojan receives an encrypted string containing the URL of the site to be attacked, and several auxiliary parameters.
    In addition, a directive to update the Trojan can be received from a remote command center.

    image

    The Trojan allows you to carry out 8 types of DDoS attacks on various Internet resources using the TCP / IP and UDP protocols, GET and POST methods.

    It also provides the functionality of automatically adding to the list of attacked resources all links found on the site specified by the attackers.

    The signature of this threat has been added to Dr.Web virus databases.

    Also popular now: