The preferred DNS server for the internet connection is changed to 188.210.[REMOVED].
Please let BitDefender disinfect your files. Afterwards, manually change the preferred DNS server address back to the correct value.
Mihai Andrei Livadariu, virus researcher
The trojan is a Windows batch file which comes packed alongside a known application for iPhone jailbreaking. The bundle can be downloaded from an illegitimate site which claims to offer a new version of the application, http://[REMOVED]/blackra1n.exe
Once the user executes the downloaded file, the trojan is deployed and executed without the user's knowledge. It attempts to change the preferred DNS server address of several possible internet connections on the user's computer to 188.210.[REMOVED].
The names of the connections affected by the trojan are:
Local Area Connection
wireles network connection
Local Area Connection 2
Local Area Connection 1
wireles network connection 1
wireles network connection 2
After the trojan is executed, the aforementioned application starts so that the user will not realise the computer has been compromised.
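A check for the DNS change described above, as an added example that is not part of the original advisory or of BitDefender's tooling: it reports every adapter whose IPv4 DNS servers are not on an allowlist and marks the connections named in the list above. The function name, the allowlist addresses and the sample adapters are assumptions constructed for illustration; the address prefix is the unredacted part of the value given in the advisory.

```powershell
# Added example. Connection names are copied exactly as the advisory lists them.
$WatchedAliases = @(
    'Local Area Connection', 'Local Area Connection 1', 'Local Area Connection 2',
    'wireles network connection', 'wireles network connection 1',
    'wireles network connection 2'
)

# Assumption: the resolvers this site expects (documentation-range placeholders).
$ExpectedDns = @('192.0.2.53', '192.0.2.54')

# Hypothetical helper: takes objects with InterfaceAlias and ServerAddresses
# properties and returns one finding per adapter with an unexpected resolver.
function Find-UnexpectedDns {
    param(
        [Parameter(Mandatory)] [object[]] $Adapters,
        [string[]] $Allowed = $ExpectedDns,
        [string[]] $Watched = $WatchedAliases
    )
    foreach ($a in $Adapters) {
        $bad = @($a.ServerAddresses | Where-Object { $_ -and ($_ -notin $Allowed) })
        if ($bad.Count -gt 0) {
            [pscustomobject]@{
                InterfaceAlias  = $a.InterfaceAlias
                UnexpectedDns   = $bad -join ', '
                # -in compares case-insensitively, so casing differences still match.
                NamedInAdvisory = ($a.InterfaceAlias -in $Watched)
                # Only the first two octets are published, so this is a hint, not proof.
                AdvisoryPrefix  = [bool]($bad | Where-Object { $_ -like '188.210.*' })
            }
        }
    }
}

# Constructed sample input, so the check can be tried offline.
$sample = @(
    [pscustomobject]@{ InterfaceAlias = 'Local Area Connection'; ServerAddresses = @('203.0.113.7') },
    [pscustomobject]@{ InterfaceAlias = 'Local Area Connection 2'; ServerAddresses = @('192.0.2.53') }
)
Find-UnexpectedDns -Adapters $sample | Format-Table -AutoSize

# On a live host (Windows 8 / Server 2012 or later):
# Find-UnexpectedDns -Adapters (Get-DnsClientServerAddress -AddressFamily IPv4)
```

A finding with `NamedInAdvisory` set is the stronger signal, but any unexpected resolver is worth checking against the network's intended DNS settings before resetting it.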