
Trojan.Win32.Genome.ebmm

By ZulaZuza in Trojans

Trojan.Win32.Genome.ebmm is the name that Kaspersky security products assign to a specific Trojan infection when they detect it. The software company F-Secure also uses the name Trojan.Win32.Genome.ebmm to refer to the same malware. If Trojan.Win32.Genome.ebmm is detected on your machine, it is very likely associated with rogue anti-virus software or with command-and-control functions for a botnet. In other words, when Trojan.Win32.Genome.ebmm is detected on your PC, the security of your computer is at serious risk.

What Does the Name “Trojan.Win32.Genome.ebmm” Mean, Anyway?

Trojan.Win32.Genome.ebmm is not the name of more than one Trojan, and Trojan.Win32.Genome.ebmm is not a "generic" name that refers to a family of malware. Rather, Trojan.Win32.Genome.ebmm is a specific Trojan in the Genome family. The name is in sections, from most general classification to most specific, which is a pretty standard way of designating an individual piece of malware. Here's how it breaks down:

Trojan: The malware is hidden in another file or disguised as something else. It cannot spread on its own; it gets onto a machine only because the user is tricked into downloading it.

Win32: This Trojan runs on 32-bit versions of Windows, which includes everything from XP through Windows 7.

Genome: This is the name of the largest and most prolific family of Trojans currently active. "Genome" refers to Win32 Trojans that combine multiple functions or attacks, such as keyloggers, downloaders, droppers, and so on, in a single piece of malware.

Ebmm: This identifies a specific Win32 Trojan in the Genome family. The four-letter suffix is a sequence number: it records how many Genome variants Kaspersky had received as samples before this one. The first variety of Trojan.Win32.Genome would have been Trojan.Win32.Genome.a, the second Trojan.Win32.Genome.b, and so on. Once the alphabet's 26 letters are used up, a second letter is added, giving Trojan.Win32.Genome.aa, .ab, etc., and when that second letter reaches the end of the alphabet, the next suffixes are Trojan.Win32.Genome.ba, .bb, and so on.

Therefore, "Trojan.Win32.Genome.ebmm" indicates that this particular sample of Trojan.Win32.Genome was the 17,589th member of the Trojan.Win32.Genome family that Kaspersky identified, which was around December 2009.
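The lettering rule just described is bijective base-26 numbering (each position holds a "digit" from 1 to 26, with no zero), so a variant suffix can be converted to its position in the family and back. The following Python is added here as an illustration; it is not code from Kaspersky, F-Secure, or this site, and the function names are the example's own. It implements the rule exactly as stated above and also splits a full detection name into its four sections. Applied literally to "ebmm", the rule yields position 89,583 rather than the 17,589 quoted above, which the reader can verify by running it.

```python
import string

ALPHABET = string.ascii_lowercase  # the 26 letters a..z used by the suffix


def variant_ordinal(suffix: str) -> int:
    """Return the 1-based position of a variant suffix under the rule
    a..z, then aa..zz, then aaa..zzz, ... (bijective base 26)."""
    s = suffix.lower()
    if not s or any(ch not in ALPHABET for ch in s):
        raise ValueError(f"not a letter-only suffix: {suffix!r}")
    n = 0
    for ch in s:
        # each letter is a digit 1..26; there is no zero digit
        n = n * 26 + (ALPHABET.index(ch) + 1)
    return n


def variant_suffix(ordinal: int) -> str:
    """Inverse of variant_ordinal: 1 -> 'a', 26 -> 'z', 27 -> 'aa', 53 -> 'ba'."""
    if ordinal < 1:
        raise ValueError("ordinal must be >= 1")
    letters = []
    n = ordinal
    while n > 0:
        # subtract one before dividing so that 26 maps to 'z', not to 'a' with a carry
        n, rem = divmod(n - 1, 26)
        letters.append(ALPHABET[rem])
    return "".join(reversed(letters))


def parse_detection_name(name: str) -> dict:
    """Split a 'Type.Platform.Family.variant' detection name into its sections,
    from most general to most specific, and attach the variant's position."""
    parts = name.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four dot-separated sections, got {name!r}")
    kind, platform, family, variant = parts
    return {
        "type": kind,          # e.g. Trojan
        "platform": platform,  # e.g. Win32
        "family": family,      # e.g. Genome
        "variant": variant,    # e.g. ebmm
        "ordinal": variant_ordinal(variant),
    }


if __name__ == "__main__":
    info = parse_detection_name("Trojan.Win32.Genome.ebmm")
    print(info)
    # round trip: the position converts back to the same suffix
    print(variant_suffix(info["ordinal"]))
```

The round trip in `variant_suffix` is the usual check on this kind of numbering: because there is no zero digit, one is subtracted before each division, which is what makes 26 come out as "z" and 27 as "aa" instead of "a" followed by a carry.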

What is Known About What Trojan.Win32.Genome.ebmm Does?

There are reports of Trojan.Win32.Genome.ebmm functioning as a Trojan downloader, which is one of the most common varieties of Trojan used to spread rogue anti-virus software. There are also a handful of reports that Trojan.Win32.Genome.ebmm acts like a worm and replicates itself to physical drives, but these claims do not hold up. Trojans, by definition, are incapable of copying or spreading themselves; they rely on social engineering to get people to download them. (It may be the case that Trojan.Win32.Genome.ebmm downloads a worm, since that certainly is within the realm of its capability.) Therefore, the only thing that can be said about Trojan.Win32.Genome.ebmm with any degree of certainty is that it combines multiple malicious functions, and those functions are the kinds of things that a Trojan is capable of doing or downloading.

Otherwise, it is difficult to isolate Trojan.Win32.Genome.ebmm in order to learn what it does, because the Trojan.Win32.Genome family is so large that it is hard to describe. For example, in 2010, two families of Trojans, Genome and Hupigon, caused more infections than were caused by all malware combined in 2007. Literally hundreds of new variations of Trojan.Win32.Genome are released every single day. Without exaggeration, the threat posed by the Genome family of Trojans is massive. So if anything in the Genome family shows up on your PC, act with caution and remove the malware safely and as quickly as possible.

Registry Details

Trojan.Win32.Genome.ebmm may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ XTray.exe
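A Run-key entry like the one listed above is a persistence mechanism, so one defender-side check is to export the autostart (Run) keys from the machine or a forensic image and look for the value named in the Registry Details. The Python below is an added example, not code from this site or from any vendor: it parses the text that the Windows `reg export` command produces and flags Run entries that match the indicator. The .reg content, the user name, and the file paths in it are constructed for the example.

```python
import re

# Indicator taken from the Registry Details section above (matched against
# both the value name and the value data, case-insensitively).
INDICATORS = ("xtray.exe",)

# Autostart keys to inspect; compared in upper case.
RUN_KEYS = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
    r"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
}

# Constructed sample of 'reg export' output for the example; the user name
# and paths are made up. The Uninstall key is included to show that a match
# outside the Run keys is not reported.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"XTray.exe"="C:\\Users\\Public\\XTray.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTray]
"DisplayName"="XTray.exe"
'''

# A value line is either "name"=data or @=data (the key's default value).
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def parse_reg_export(text):
    """Parse .reg text into {key_path: {value_name: data}}.
    Quoted string data is unescaped; other types (dword:, hex:) are kept verbatim."""
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "(Default)"
            data = m.group(2)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                # .reg files escape backslashes and quotes with a backslash
                data = re.sub(r'\\(.)', r'\1', data[1:-1])
            result[current][name] = data
    return result


def find_suspicious_run_entries(parsed):
    """Return (key, value_name, data) for Run entries that match an indicator."""
    hits = []
    for key, values in parsed.items():
        if key.upper() not in RUN_KEYS:
            continue
        for name, data in values.items():
            haystack = (name + " " + data).lower()
            if any(ind in haystack for ind in INDICATORS):
                hits.append((key, name, data))
    return hits


if __name__ == "__main__":
    for key, name, data in find_suspicious_run_entries(parse_reg_export(SAMPLE_REG)):
        print(f"suspicious autostart: [{key}] {name} = {data}")
```

On a live system the same text comes from `reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" run.reg` (and the HKCU equivalent); feeding that file's contents to `parse_reg_export` in place of the constructed sample gives the real autostart list. Matching on the value data as well as the name catches the case where the executable is registered under an innocuous-looking value name.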
