Welcome to the Virus Encyclopedia of Panda Security.
It downloads several files from a certain website and uses rootkit techniques in order to hide them. It creates a proxy server and harvests information, such as the connection speed of the affected computer.
|First detected on:||Oct. 25, 2006|
|Detection updated on:||Oct. 25, 2006|
|Yes, using TruPrevent Technologies
ProxyServer.D is a Trojan that downloads several files from a certain website and uses rootkit techniques in order to hide them. It also installs a driver on the affected computer and creates a proxy server on a random port.
Additionally, it attemps to download the ICQ program from a certain website, in order to measure the connection speed of the affected computer and sends a ping to several IP addresses in order to know the speed of response.
Then, it sends the gathered information to a certain website.
ProxyServer.D does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.
ProxyServer.D is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.>