Bloodhound.MalPE

Bloodhound.MalPE is a generic detection created to identify malicious files and threats related to the Backdoor.Tidserv family of Trojans. Files detected as Bloodhound.MalPE are believed to be malicious and can pose serious security risks to the computer and its network environment.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
Upon execution, Bloodhound.MalPE drops the following files in the Windows Temp directory:
%Temp%\WINDOWS\TEMP\00000000.TXT
%Temp%\WINDOWS\TEMP\00000000.ZIP
%Temp%\WINDOWS\TEMP\NSD399.tmp
%Temp%\WINDOWS\TEMP\00000000.Exe

The following directories are also created to hold its dropped files:
%Temp%\WINDOWS
%Temp%\WINDOWS\TEMP
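A detection check built from the drop paths above, written as an added example for this page rather than code from the vendor: it parses constructed file-create records (timestamp, image, target path, tab-separated; an assumed format) and flags any process that writes two or more of the listed artifacts under the user's %Temp%\WINDOWS\TEMP\ directory. The digits in NSD399.tmp are assumed to vary between runs, so that name is matched by pattern.

```python
import re
from collections import defaultdict

# File names the write-up lists under %Temp%\WINDOWS\TEMP\. NSD399.tmp is matched
# by pattern on the assumption that its digits vary between runs.
DROPPED_NAME_RE = re.compile(r"^(?:00000000\.(?:txt|zip|exe)|nsd[0-9a-z]+\.tmp)$", re.IGNORECASE)
DROP_SUBDIR = "\\windows\\temp\\"


def is_dropped_artifact(path: str, temp_dir: str) -> bool:
    """True when path is one of the listed drop names directly inside %Temp%\\WINDOWS\\TEMP."""
    norm = path.replace("/", "\\").lower()
    prefix = temp_dir.replace("/", "\\").rstrip("\\").lower() + DROP_SUBDIR
    if not norm.startswith(prefix):
        return False  # same file name elsewhere (e.g. C:\Windows\Temp) is not this pattern
    name = norm[len(prefix):]
    return "\\" not in name and DROPPED_NAME_RE.match(name) is not None


def parse_event(line: str):
    """Parse one constructed 'timestamp<TAB>image<TAB>target_path' file-create record."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 3:
        return None  # malformed record: skip rather than abort the sweep
    return {"ts": parts[0], "image": parts[1], "path": parts[2]}


def find_droppers(lines, temp_dir: str, min_hits: int = 2) -> dict:
    """Return {image: [paths]} for processes that created min_hits or more listed artifacts."""
    hits = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev and is_dropped_artifact(ev["path"], temp_dir):
            hits[ev["image"]].append(ev["path"])
    return {img: paths for img, paths in hits.items() if len(paths) >= min_hits}


SAMPLE_TEMP = r"C:\Users\alice\AppData\Local\Temp"
DROPPER = r"C:\Users\alice\Downloads\setup.exe"
# Constructed sample records, not real telemetry.
SAMPLE_LOG = ["\t".join(rec) for rec in [
    ("2024-01-01T10:00:01", DROPPER, SAMPLE_TEMP + r"\WINDOWS\TEMP\00000000.TXT"),
    ("2024-01-01T10:00:01", DROPPER, SAMPLE_TEMP + r"\WINDOWS\TEMP\00000000.ZIP"),
    ("2024-01-01T10:00:02", DROPPER, SAMPLE_TEMP + r"\WINDOWS\TEMP\NSD399.tmp"),
    ("2024-01-01T10:00:02", DROPPER, SAMPLE_TEMP + r"\WINDOWS\TEMP\00000000.Exe"),
    ("2024-01-01T10:00:05", r"C:\Program Files\Editor\editor.exe", SAMPLE_TEMP + r"\tmp1A2B.tmp"),
    ("2024-01-01T10:00:06", r"C:\Windows\System32\svchost.exe", r"C:\Windows\Temp\00000000.TXT"),
]]

if __name__ == "__main__":
    for image, paths in find_droppers(SAMPLE_LOG, SAMPLE_TEMP).items():
        print(f"suspect dropper {image}: {len(paths)} listed artifacts")
```

The two benign records show why the check keys on the full %Temp%\WINDOWS\TEMP\ prefix: an ordinary .tmp in the Temp root and a same-named file under C:\Windows\Temp are both left alone.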

Bloodhound.MalPE is associated with another Trojan that was purposely developed to generate profit for its authors. This Trojan performs actions that strengthen the presence of that other Trojan so that it can carry out its tasks in full.

Some functionalities of Bloodhound.MalPE include the following:

  • Monitors the Internet browser activity of the compromised PC
  • Lists all running processes that belong to security products such as anti-virus and firewall software
  • Deactivates security software to leave the infected computer defenceless and prevent removal of the Trojan
  • Connects to a remote server and downloads additional malware
  • Remains undetected by injecting itself into a legitimate Windows process

Distribution
Bloodhound.MalPE spreads on the Internet through malicious links posted on compromised web sites such as forums and blogs. Social networking sites, instant messaging applications and spam email messages have also been found to help the Trojan reach its targets.
