Trojan Horses Definitions(m) - MagicControl

MagicControl

Category: Trojan

Risk: Severe Risk

* Severe threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction, and exploits are in the wild. There is a high possibility of system damage or a security flaw. An attacker can gain complete control over your computer or install new software on your machine.

Description: MagicControl is a trojan designed to avoid personal firewall software. The software contacts its controlling servers at secure-firewall.com and nocreditcard.com and passes what seems to be a block of encrypted data, the contents of which are unknown. It then attempts to download certain files, some of which are upgraded versions of itself while others are .DLL files it uses for its malicious routines, from the following Web site:

http://dev-download.nocreditcard.com/download/Object/mc/

The downloaded .DLL files are capable of downloading files from the Internet and terminating certain system processes. This Trojan looks for the following processes and terminates them if they are running:

SYMPROXYSVC.EXE
SMC.EXE
PERSFW.EXE
AGENTW.EXE
ZONEALARM.EXE
BLACKICE.EXE

While this Trojan downloads updated copies of itself to replace its older copy, it does not delete the files used by the previous version.

Alias: Persis, MagicControl.MC, MagicControl.Wintrim, MagicControl.Wincomp, MagicControl.Winmgts, TROJ_WINT

Signatures:
process: MAGICON.EXE: MD5 Hash:
process: SIMCSS.EXE: MD5 Hash:
process: NAVPMC.EXE: MD5 Hash: ..

Updated: 02/17/2006
Copyright @2006 THR Computer Solutions: MagicControl