Brief Introduction of Trojan.Win32.Bublik.cfgi
Trojan.Win32.Bublik.cfgi is a newly detected Trojan horse that mainly targets email. According to the analysis report by Global PC Support Center, the Trojan is generated by a kit named Bublik and is designed to help spread malicious code through social engineering tools, including email. Commonly, Trojan.Win32.Bublik.cfgi may:
- Lower Internet browser security.
- Disable the computer's firewall.
- Steal user and computer information.
- Allow unauthorized access and control of an affected computer.
Trojan.Win32.Bublik.cfgi Payloads
Trojan.Win32.Bublik.cfgi makes multiple copies of itself and injects them into pivotal areas of the system, such as the startup configuration, the database, drivers related to security services, and browser settings. In addition, Trojan.Win32.Bublik.cfgi creates a mutex to guarantee that only one copy is executing at a time and adds its execution to explorer.exe. As a result, built-in security applications have difficulty tracing the Trojan horse and removing it automatically, because explorer.exe is considered legitimate and normal.