Welcome to the Virus Encyclopedia of Panda Security.
The main objective of Brontok.GS is to spread and affect other computers.
It avoids being detected by the user by using the following techniques:
- It terminates processes belonging to several security tools, such as antivirus programs and firewalls, so they cannot warn the user of the presence of this malware on the computer.
- It deletes the original file from which it was run once it is installed on the computer.
It uses the following techniques to impede detection by antivirus companies:
- It prevents scanning tools such as Windows Registry Editor, FileMonitor, etc. from running.
It reduces the security level of the computer:
- It terminates processes belonging to security tools, such as antivirus programs and firewalls, leaving the computer defenseless against attacks from other malware.
- It changes system permissions, decreasing the security level.
Means of transmission
Propagation via mapped drives:
Brontok.GS checks if the infected computer is connected to a network.
If so, it makes an inventory of all mapped drives and creates a copy of itself in each of them.
Propagation through shared network resources:
Brontok.GS checks if the infected computer is connected to a network. If so, it tries to spread to the shared network drives.
To do this, it tries to gain access to these shared drives, using typical or easily guessed passwords.
Brontok.GS has the following additional characteristics:
- It is 15804928 bytes in size.
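A triage sweep for the mapped-drive propagation described above, added here as an example and not taken from Panda Security's entry: it looks for files of exactly the stated size whose identical content sits on two or more drive roots. The function names, the depth limit and the choice of SHA-256 are assumptions of this example; the size is only a prefilter, so a hit is a file to examine and not a verdict.

```python
import hashlib
import os
from collections import defaultdict

BRONTOK_GS_SIZE = 15804928  # file size in bytes, as stated in the entry


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_replicated_files(roots, size=BRONTOK_GS_SIZE, max_depth=2):
    """Return {sha256: sorted paths} for files of exactly `size` bytes whose
    identical content appears under two or more of the given drive roots.
    `max_depth` is the number of directory levels below each root to scan."""
    by_hash = defaultdict(set)  # digest -> {(root, path), ...}
    for root in roots:
        base = os.path.abspath(root).rstrip(os.sep).count(os.sep)
        for dirpath, dirnames, filenames in os.walk(root):
            depth = os.path.abspath(dirpath).rstrip(os.sep).count(os.sep) - base
            if depth >= max_depth:
                dirnames[:] = []  # stop descending below this level
            for name in filenames:
                path = os.path.join(dirpath, name)
                try:
                    if os.path.islink(path) or os.path.getsize(path) != size:
                        continue  # cheap size prefilter before hashing
                    by_hash[sha256_of(path)].add((root, path))
                except OSError:
                    continue  # unreadable or vanished file: skip it
    hits = {}
    for digest, entries in by_hash.items():
        if len({r for r, _ in entries}) >= 2:  # same content on 2+ drives
            hits[digest] = sorted(p for _, p in entries)
    return hits


if __name__ == "__main__":
    import sys
    # Usage (drive letters are placeholders): python sweep.py X:\ Y:\ Z:\
    for digest, paths in find_replicated_files(sys.argv[1:]).items():
        print(digest)
        for p in paths:
            print("   ", p)
```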