Suspicious.Cloud is a heuristic detection name used to identify new malware threats without relying on conventional signatures. Any file identified under this name is deemed harmful. Attackers intentionally morph this malware to evade antivirus scanners. Because Suspicious.Cloud is a generic detection, there are no common symptoms other than the alert raised when the antivirus software detects unusual activity on the system.
Other Variants: Suspicious.Cloud.2.A, Suspicious.Cloud.7.L, Suspicious.Cloud.7.F
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
When Suspicious.Cloud enters a computer, it immediately makes changes to system files. Other variants of this malware may inject code into legitimate system processes. Some simply drop their files into various Windows folders. Most of these infections also alter the registry, adding entries that load the threat each time Windows starts.
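As an added example (not code from the page or from any antivirus vendor), the following Python script triages the registry persistence described above offline: it parses a `reg export` style text dump and flags Run/RunOnce autostart entries whose executable lives in a user-writable drop location. The sample export, user name and file names are constructed for the demonstration.

```python
import re

# Constructed sample in the text format produced by `reg export` (not a real infection).
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"SysUpdate"="C:\\Users\\alice\\AppData\\Roaming\\sysupdate.exe"
"Loader"="\"C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe\" -s"
"""

# Directories that legitimate autostart entries rarely point at, but dropped files often do.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def parse_run_entries(text):
    """Return (key_path, value_name, command) for every string value under a Run/RunOnce key."""
    entries = []
    current_key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if m and current_key and re.search(r"\\run(once)?$", current_key.lower()):
            # .reg files escape backslashes and quotes with a backslash; undo that in one pass.
            command = re.sub(r"\\(.)", r"\1", m.group(2))
            entries.append((current_key, m.group(1), command))
    return entries


def executable_path(command):
    """Extract the executable from a command line, honouring a quoted path with arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ")[0]


def flag_suspicious(entries):
    """Return the entries whose executable sits in a user-writable drop location."""
    flagged = []
    for key, name, command in entries:
        exe = executable_path(command).lower()
        if any(marker in exe for marker in USER_WRITABLE):
            flagged.append((key, name, exe))
    return flagged


if __name__ == "__main__":
    for key, name, exe in flag_suspicious(parse_run_entries(SAMPLE_REG_EXPORT)):
        print(f"SUSPICIOUS autostart: {key}\\{name} -> {exe}")
```

On a live host the same logic applies to the HKLM Run keys and to exports collected from other machines; a hit is a lead for review, not a verdict.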
If this malware is running on the infected PC, it can carry out whatever actions are encoded in the virus. Because Suspicious.Cloud is a generic detection, antivirus programs may identify any of a range of malware variants under this name. There is no general sign that the computer is infected with this virus; instead, the security program issues an alert whenever it senses illicit activity on the system initiated by Suspicious.Cloud. You can view a sample detection in the image below.
The threat is also known to have a downloader function. It can establish a communication channel between the compromised computer and a remote server. Over this connection, the attacker may perform the following actions:
- Drop and execute other threats on the compromised computer
- Download a configuration file and update the threat
- Modify Internet browser’s homepage and redirect searches to unknown web sites
- Monitor Internet browsing activity of victims
- Display advertisement and pop-up messages
Suspicious.Cloud spreads through a number of means ordinarily employed by similar threats. Some malicious links have also been observed directing victims to a Suspicious.Cloud download page. These links reach users via spam email messages, instant messaging programs, and malicious blogs that cover the most recent news topics.