VBS.Sojax

Document-handling programs that are missing security updates are the primary target of VBS.Sojax. The result of infection could be devastating because it gives an attacker control of the PC from a remote location.

VBS.Sojax is a Visual Basic Script Trojan that opens a backdoor on a compromised computer, allowing a remote attacker to take full control of it. The Trojan may also monitor system activity and steal sensitive information and other significant data. Delivered through malicious documents, VBS.Sojax enters the computer by exploiting several security vulnerabilities in Adobe Flash, Adobe Reader and MS Office.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
Once VBS.Sojax is executed, it drops malicious files in the Temporary folder. Next, it gathers the following information and stores it in a folder under C:\Windows\NtUninstallKB\:

  • Running processes on the infected computer
  • Critical network information such as IP address, DNS and relevant configuration
  • Computer information like user name, operating system version, hardware profiles and many more
  • Files, including their attributes, on all drives found on the compromised system

Lastly, VBS.Sojax configures Windows to open a backdoor that allows a remote attacker to do the following:

  • Upload and download files to and from a specified server
  • Run .CMD commands
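
A detection sketch for the staging folder described above, added here as an example and not taken from the original write-up. It flags file-creation events under C:\Windows\NtUninstallKB\ while leaving alone the legitimate Windows 2000/XP hotfix uninstall folders, whose names look similar but are wrapped in dollar signs and carry a KB number. The event line format, process names, subfolder names and KB number are constructed for illustration, and a system root of C:\Windows is assumed.

```python
import ntpath
import re

# Staging directory named on this page; a system root of C:\Windows is assumed.
STAGING_DIR = r"c:\windows\ntuninstallkb"
# Legitimate Windows 2000/XP hotfix uninstall folders look like $NtUninstallKB<number>$.
LEGIT_HOTFIX = re.compile(r"^\$ntuninstallkb\d+[\w-]*\$$")


def normalize(path, system_root=r"C:\Windows"):
    """Expand %SystemRoot%/%windir%, drop the extended-length prefix, lower-case."""
    p = path.strip().strip('"')
    p = re.sub(r"%(systemroot|windir)%", lambda m: system_root, p, flags=re.I)
    if p.startswith("\\\\?\\"):
        p = p[4:]
    return ntpath.normpath(p.replace("/", "\\")).lower()


def classify(path):
    """Return 'staging', 'legit-hotfix' or 'other' for one file path."""
    p = normalize(path)
    if p == STAGING_DIR or p.startswith(STAGING_DIR + "\\"):
        return "staging"
    parts = p.split("\\")
    if parts[:2] == ["c:", "windows"] and len(parts) > 2 and LEGIT_HOTFIX.match(parts[2]):
        return "legit-hotfix"
    return "other"


def suspicious_events(lines):
    """Return (timestamp, process name, path) for file creations in the staging dir."""
    hits = []
    for line in lines:
        ts, image, target = (f.strip() for f in line.split("|", 2))
        if classify(target) == "staging":
            hits.append((ts, ntpath.basename(image).lower(), normalize(target)))
    return hits


# Constructed events (timestamp | creating process | target file), not real telemetry.
SAMPLE = [
    r"2000-01-01T10:00:01 | C:\Windows\System32\wscript.exe | C:\Windows\NtUninstallKB\a1\procs.txt",
    r"2000-01-01T10:00:02 | C:\Windows\system32\update.exe | C:\WINDOWS\$NtUninstallKB123456$\spuninst\spuninst.exe",
    r"2000-01-01T10:00:03 | C:\Windows\System32\cscript.exe | %windir%/ntuninstallkb/a1/netcfg.txt",
    r"2000-01-01T10:00:04 | C:\Windows\explorer.exe | C:\Windows\NtUninstallKB2\x.txt",
]

if __name__ == "__main__":
    for hit in suspicious_events(SAMPLE):
        print(hit)
```

The same `classify` function can be pointed at a directory listing of C:\Windows during triage; any hit deserves a look at the creating process and the folder's contents.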

Distribution
The Trojan arrives as a document attachment, such as a .PDF or .DOC file, in spam email messages. To launch an attack, it exploits vulnerabilities in Adobe Flash Player, Microsoft Office RTF files, Adobe Acrobat and Adobe Reader. T
