Tuesday, March 11, 2014

Generic5 Trojan Removal: Remove CatClip that Triggers Popups

CatClip Is a Trojan Dropper

Though its name starts with “Adware”, CatClip is a variant of the Generic5 Trojan Dropper, and “ANHA” is its variant number. “Generic” indicates that CatClip is capable of the typical Trojan behaviors:

Opening a backdoor to connect to a remote server for information exchange.
Generating system files that look genuine in order to keep running and to dodge automatic removal by installed anti-virus programs.
Stealing any information stored in memory or in web cookies.
Cleaning logs of its malicious activity to avoid being tracked down.

So far, CatClip has been found to target Windows, and it is currently widespread, constantly popping up static.icmwebserv.com with meaningless content. The paragraphs below show how CatClip infiltrates a system, how it spreads, why Generic5.ANHA manages to resist automatic removal by anti-virus programs, and the efficient solution. Read the whole article to get a clear picture of it.

CatClip Infiltration Report

By exploiting system or security weaknesses, and through distribution channels including e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC) and peer-to-peer networks, CatClip manages to implant its malicious core file on a target machine. Unlike a virus, CatClip does not replicate itself to affect a target system. Instead, it fabricates several executable files that appear to be beneficial or wanted, for example media-related files and security-related files. Once an unsuspecting victim clicks on one of those files, CatClip wakes up and starts its work:

Adds or modifies Internet Explorer cookies.
The process attempts to call itself recursively.
Enumerates many system files and directories.
Inserts values into critical sections of the registry, such as startup entries.
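
Two of the behaviors listed above, the recursive self-launch and the startup registry write, can be correlated per executable when triaging endpoint telemetry. The following is an added example, not code from the original post: the event records, field names and file paths are constructed, and the event ids are assumed to mirror Sysmon (1 = process created, 13 = registry value set).

```python
import re
from collections import defaultdict

# Standard Run / RunOnce autostart keys under HKLM or a user hive.
AUTOSTART = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

# Constructed sample events (not taken from a real infection).
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Users\a\AppData\Local\Temp\codec_setup.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"id": 1, "image": r"C:\Users\a\AppData\Local\Temp\codec_setup.exe",
     "parent": r"C:\Users\a\AppData\Local\Temp\codec_setup.exe"},
    {"id": 1, "image": r"C:\Users\a\AppData\Local\Temp\CODEC_SETUP.EXE",
     "parent": r"C:\Users\a\AppData\Local\Temp\codec_setup.exe"},
    {"id": 13, "image": r"C:\Users\a\AppData\Local\Temp\codec_setup.exe",
     "target": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\Codec"},
    {"id": 13, "image": r"C:\Program Files\Vendor\updater.exe",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdate"},
    {"id": 1, "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},
]

def triage(events, min_respawns=2):
    """Return {image: sorted behaviour tags} for images showing any behaviour."""
    respawns = defaultdict(int)
    autostart = defaultdict(set)
    for ev in events:
        image = ev["image"].lower()  # Windows paths are case-insensitive
        if ev["id"] == 1 and ev.get("parent", "").lower() == image:
            respawns[image] += 1     # process launched by a copy of itself
        elif ev["id"] == 13 and AUTOSTART.search(ev.get("target", "")):
            autostart[image].add(ev["target"])
    findings = defaultdict(list)
    for image, count in respawns.items():
        if count >= min_respawns:
            findings[image].append("self-respawn")
    for image in autostart:
        findings[image].append("autostart-write")
    return {image: sorted(tags) for image, tags in findings.items()}

def high_priority(events):
    """Images combining both behaviours: the ones to investigate first."""
    return sorted(i for i, tags in triage(events).items() if len(tags) == 2)

if __name__ == "__main__":
    print(high_priority(SAMPLE_EVENTS))
```

A legitimate updater that only writes a Run value is reported with a single tag, so it stays out of the high-priority list.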


CatClip Needs Quick Removal

CatClip has been assessed as highly risky. In practice, however, the Trojan dropper cannot be removed easily, and it is capable of resisting automatic removal by even the most reputable anti-virus programs. As a result, many victims encounter the following troubles:

Multiple processes run in the background for no known reason and consume significant CPU, leading to sluggish PC performance.
Web pages are redirected to spam sites, resulting in slow responses or even browser crashes.
Additional infections, web applications and unknown programs are found to have been installed without permission.
More and more files and unknown items pile up on the local disk, causing error messages from time to time and triggering malfunctions.

CatClip Resists Automatic Removal
With sophisticated algorithms like MD5 and SHA, CatClip is able to protect itself from being modified by any “protectors” and to prevent itself from being traced. Without the exact location of CatClip, anti-virus programs are not able to remove it completely, and the Trojan keeps re-imaging itself after each reboot. Another reason security utilities fail to remove CatClip is that the Trojan Dropper is running in the background. This is the same reason you need to exit a program before uninstalling it.
