Uploaded Tigger aka Syzor.A
This is a very sophisticated piece of malware:
- uses a privilege escalation vulnerability
- disables Windows Defender, Windows Firewall, Outpost, Avira, Kaspersky, AVG, and CA products
- installs a rootkit that runs in safe mode
- disables kernel debuggers
- keylogger functionality: logs keystrokes, collects system information, takes screenshots, hooks COM to spy on browser events, and exports passwords; it also steals web cookies and certificates
- puts the NIC in promiscuous mode to sniff FTP and POP3 passwords
And so far, nobody is exactly sure how it's being distributed.
So, we malware-analysis experts have work to do!
How is this trojan distributed?