Nytro, posted July 31, 2012

New Trojan "Aida1" has been identified

2012-07-28

Hi,

After we ran our new security tool "Venak Could Technology" (it is not public now; it is in maintenance), we identified a new Trojan called "Aida1".

This Trojan used new social engineering techniques to force computer users to execute the Trojan with the user's right click. The Trojan has also been spread by a local Iranian video service ("aka Iranian YouTube"), www.aparat.com.

As you can see, the Trojan used lots of enumeration functions, such as for files, processes, etc.

The attacker or attackers uploaded some free videos there and then attached this Trojan in the comments part.

MD5: 9c7002442ee10ee02d338e96708fb619
SHA1: dfdd88fc876d43a612d152e8c866619289255ff8
SHA256: a163d452b3d91e195ed9ece81ad5df331ca56a93baf488750079dd9776bf3913

Also, the Aida1 Trojan used Internet Explorer's rights to bypass users' firewalls or Internet security tools.

Attackers sent a message for someone. Aida is the name of a girl in the Persian language.

We identified another version of the same style of worm, which used the same trick to bypass most antivirus and Internet security solutions.

As you well know, most antivirus products monitor .exe files when hunting worms, but this worm runs with the ".Tso" file extension, not ".exe".

System administrators or power users are not able to detect the worm with security tools like Task Manager, Process Explorer or anti-rootkits.

PID 3748 is the target worm (Process Explorer can't verify it because it used an unusual character), but it is very similar to the original Windows service.

The worm's file extension is ".Tso", not ".exe" (Venak and Avenak MPS Edition result).

If you have any comments or questions, you can ask via our support team at idea@u0vd.org or Support@u0vd.org.

Last week the "Mehdi" or "Madi" worm was detected worldwide, this week "Aida1". We remembered Alice and Bob! What nice couples in the virus world!

Thanks,
Support Team.

Source: http://u0vd.org/index3.htm
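A triage sketch for the two traits the post describes: a process image running with an extension other than ".exe", and a process name that carries an unusual character while resembling a Windows service. This is an added example, not part of the original post or of the Venak tool; the process list, the look-alike name and path, the known-name list and the 0.85 similarity threshold are constructed assumptions (only PID 3748 and ".Tso" come from the post).

```python
import ntpath
from difflib import SequenceMatcher

# Assumption: a short list of well-known Windows process names to compare against.
KNOWN_STEMS = ["svchost", "lsass", "services", "winlogon", "csrss", "explorer"]
EXPECTED_EXTS = {".exe"}

def odd_chars(name):
    """Characters outside printable ASCII (homoglyphs, control or invisible characters)."""
    return [c for c in name if not 32 <= ord(c) < 127]

def lookalike_of(name):
    """Known name that the printable-ASCII part of `name` closely resembles, else None."""
    stem = ntpath.splitext(name)[0].lower()
    skeleton = "".join(c for c in stem if 32 <= ord(c) < 127)
    for known in KNOWN_STEMS:
        if SequenceMatcher(None, skeleton, known).ratio() >= 0.85:
            return known
    return None

def triage(processes):
    """Map pid -> list of reasons the process deserves a closer look."""
    findings = {}
    for p in processes:
        reasons = []
        ext = ntpath.splitext(p["path"])[1].lower()
        if p["path"] and ext not in EXPECTED_EXTS:
            reasons.append(f"image extension {ext or '(none)'} is not .exe")
        bad = odd_chars(p["name"])
        if bad:
            codes = ",".join(f"U+{ord(c):04X}" for c in bad)
            reasons.append(f"non-ASCII/control characters in name: {codes}")
            known = lookalike_of(p["name"])
            if known:
                reasons.append(f"name imitates {known}")
        if reasons:
            findings[p["pid"]] = reasons
    return findings

# Constructed process snapshot; the third entry uses Cyrillic U+043E in place of "o".
SAMPLE = [
    {"pid": 4, "name": "System", "path": ""},
    {"pid": 912, "name": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe"},
    {"pid": 3748, "name": "svch\u043est.Tso", "path": "C:\\Users\\Public\\svch\u043est.Tso"},
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE).items():
        print(pid, reasons)
```

In practice the snapshot would come from an endpoint agent or process-creation logs rather than an inline list, and a hit should lead to hashing the image and comparing it with the values quoted in the post.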