Trojan.BAT.AACL

MEDIUM
LOW
approx. 2 kb

Symptoms

The preferred DNS server for the internet connection is changed to 188.210.[REMOVED]

Removal instructions:

Please let BitDefender disinfect your files. Afterwards, the user can manually change the preferred DNS server address to the correct value.

Analyzed By

Mihai Andrei Livadariu, virus researcher

Technical Description:

The trojan is a Windows batch file that comes packed alongside a known application for iPhone jailbreaking. The bundle can be downloaded from an illegitimate site which claims to offer a new version of the application: http://[REMOVED]/blackra1n.exe
Once the user executes the downloaded file, the trojan is deployed and executed without the user's knowledge. It attempts to change the preferred DNS server address for several possible internet connections on the user's computer to 188.210.[REMOVED].
The names of the connections affected by the trojan are:

Local Area Connection
wireles network connection
Local Area Connection 2
Local Area Connection 1
wireles network connection 1
wireles network connection 2
LAN
LAN 1
LAN 2
WAN
WAN 1
WAN 2

After the trojan is executed, the aforementioned application starts so that the user will not realise the computer has been compromised.
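
To check a machine for the symptom described above, the following added example (not Bitdefender's code) parses text in the layout printed by `netsh interface ip show dns` and reports statically configured DNS servers that are not on an expected list, noting whether the connection name is one of those listed on this page. The sample report, the addresses in it and the allow-list are constructed for illustration.

```python
import re

# Connection names listed on this page, spelled exactly as the page gives them.
TARGETED = {f"{base}{suffix}".lower()
            for base in ("Local Area Connection", "wireles network connection", "LAN", "WAN")
            for suffix in ("", " 1", " 2")}

# Constructed sample in the layout of `netsh interface ip show dns` output.
SAMPLE = '''Configuration for interface "Local Area Connection"
    Statically Configured DNS Servers:    203.0.113.53
                                          192.168.1.1
    Register with which suffix:           Primary only

Configuration for interface "Wi-Fi"
    DNS servers configured through DHCP:  198.51.100.7
    Register with which suffix:           Primary only
'''

IFACE_RE = re.compile(r'^Configuration for interface "(.+)"\s*$')
DNS_RE = re.compile(r'^\s*(Statically Configured DNS Servers|DNS servers configured through DHCP):')
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_dns(report):
    """Return {interface name: (kind, [servers])}, kind being 'static' or 'dhcp'."""
    result, name, servers = {}, None, None
    for line in report.splitlines():
        if m := IFACE_RE.match(line):
            name, servers = m.group(1), None
        elif (m := DNS_RE.match(line)) and name:
            kind = "static" if m.group(1).startswith("Static") else "dhcp"
            servers = IPV4_RE.findall(line)      # empty when netsh prints "None"
            result[name] = (kind, servers)
        elif servers is not None and ":" not in line:
            servers.extend(IPV4_RE.findall(line))  # continuation line: one more server
        else:
            servers = None                       # any other field ends the DNS list
    return result

def audit(report, allowed):
    """Return (interface, server, name_is_on_page) for each static server not in `allowed`."""
    # Assumption: a rewritten "preferred DNS server" shows up as a static entry;
    # DHCP-supplied servers are not judged here.
    return [(name, ip, name.lower() in TARGETED)
            for name, (kind, servers) in parse_dns(report).items()
            for ip in servers if kind == "static" and ip not in allowed]

if __name__ == "__main__":
    for name, ip, listed in audit(SAMPLE, allowed={"192.168.1.1"}):
        print(f"{name}: unexpected static DNS server {ip} (name listed on page: {listed})")
```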