Medfos

By ZulaZuza in Trojans

Medfos is a dangerous family of Trojans with several variants. ESG malware analysts consider Medfos a severe threat to computers around the world and recommend keeping your anti-virus program up to date to be certain that your machine is safe. Medfos Trojans are usually designed to cause browser redirects, which places them close to browser hijackers. In practice, Medfos downloads and installs malicious plug-ins for the victim's web browser, allowing criminals to monetize the infection through affiliate marketing schemes and other businesses built on web traffic. Medfos variants in the wild have been associated with the Black Hole Exploit Kit, a well-known exploit kit that takes advantage of software vulnerabilities on victims' computers in order to install malware. Medfos Trojans are often bundled with the Sirefef rootkit and installed by variants of the Beebone Trojan downloader.

Recognizing a Medfos Infection on Your Computer

Medfos and its variants make several changes to your computer's settings. The purpose of these changes is to force your web browser to visit particular websites against your will; the redirects typically take place after a search on Google or another popular search engine. Medfos is usually installed as one or more malicious DLL files, and that installation also adds a malicious plug-in to your web browser. Medfos variants can also be recognized by the harmful changes they make to the Windows Registry: these entries ensure that the malicious DLL files run automatically at certain times, such as when the infected computer starts up.

Understanding the Payload of a Medfos Trojan Infection

Medfos Trojans establish a connection with a remote host. Many variants of Medfos attempt to connect to the IP address 78.140.131.158 after infecting a computer. Once a connection is established, the Medfos variant attempts to download and install further malicious DLL files associated with this threat. This second, downloaded DLL contains the search engine redirect component of the Medfos attack. The results of a Medfos infection, apart from browser redirects, include pop-up windows containing advertisements, unauthorized changes to your web browser settings (such as a changed homepage or lowered security settings) and performance problems with your computer and your Internet connection (such as longer load times for every web page you view).
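The two sections above give a host-side indicator (malicious DLLs registered to run at startup, including the %TEMP%\btpse.dll file named under File System Details) and a network indicator (connections to 78.140.131.158). The following Python triage script is an added example written for this page, not code from ESG or from the original article; it applies both indicators to autorun entries and network log lines. The autorun entries and log lines are constructed sample data, the rundll32/regsvr32 command lines and the random DLL name qwfzvx.dll are hypothetical, and the "DLL loaded from a temporary directory" heuristic is a general one that goes slightly beyond the page's specific file name.

```python
import re

# Indicators stated on the page: the named dropped file and the C2 address.
MEDFOS_DROPPED_FILES = {"btpse.dll"}
MEDFOS_C2_IPS = {"78.140.131.158"}

# Matches a DLL path in a command line, starting at an environment variable
# (%TEMP%) or a drive letter and running up to ".dll" without crossing
# whitespace, commas or quotes.
DLL_PATH_RE = re.compile(r'((?:%[A-Za-z_]+%|[A-Za-z]:)[^\s,"]*?\.dll)', re.IGNORECASE)


def dll_paths(command):
    """Return every DLL path referenced in an autorun command line."""
    return DLL_PATH_RE.findall(command)


def is_temp_path(path):
    """True if the path sits under a temporary directory (%TEMP%, %TMP% or ...\\Temp\\...)."""
    p = path.lower()
    return p.startswith(("%temp%", "%tmp%")) or "\\temp\\" in p


def suspicious_autoruns(entries):
    """Flag autorun entries that load a DLL from a temp directory or a known Medfos file.

    entries: iterable of (registry_key, value_name, command) tuples, e.g. as
    exported from the Run keys. Returns (registry_key, value_name, dll_path, reasons)
    for each hit, in input order.
    """
    hits = []
    for key, value_name, command in entries:
        for path in dll_paths(command):
            reasons = []
            basename = re.split(r"[\\/]", path)[-1].lower()
            if basename in MEDFOS_DROPPED_FILES:
                reasons.append("known Medfos dropped file name")
            if is_temp_path(path):
                reasons.append("DLL loaded from a temporary directory")
            if reasons:
                hits.append((key, value_name, path, reasons))
    return hits


def c2_connections(log_text):
    """Return (timestamp, src, dst, dport) for lines whose destination is a Medfos C2 address.

    Expects whitespace-separated lines: timestamp src dst dport action.
    """
    found = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        ts, src, dst, dport = fields[0], fields[1], fields[2], fields[3]
        if dst in MEDFOS_C2_IPS:
            found.append((ts, src, dst, int(dport)))
    return found


# Constructed sample autorun entries (registry key, value name, command).
# The two benign entries are typical; the last two are hypothetical Medfos-style
# persistence, not captured from a real infection.
SAMPLE_AUTORUNS = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r'"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SecurityHealth",
     r"%windir%\system32\SecurityHealthSystray.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "btpse",
     r"rundll32.exe %TEMP%\btpse.dll,DllMain"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "upd",
     r"regsvr32.exe /s C:\Users\victim\AppData\Local\Temp\qwfzvx.dll"),
]

# Constructed firewall log: timestamp src dst dport action.
SAMPLE_NET_LOG = """\
2013-03-04T10:15:02Z 192.168.1.20 93.184.216.34 443 ALLOW
2013-03-04T10:15:09Z 192.168.1.20 78.140.131.158 80 ALLOW
2013-03-04T10:16:11Z 192.168.1.21 8.8.8.8 53 ALLOW
"""

if __name__ == "__main__":
    for key, name, path, reasons in suspicious_autoruns(SAMPLE_AUTORUNS):
        print(f"[autorun] {key}\\{name} -> {path}: {'; '.join(reasons)}")
    for ts, src, dst, dport in c2_connections(SAMPLE_NET_LOG):
        print(f"[network] {ts} {src} -> {dst}:{dport} matches Medfos C2 address")
```

The autorun check deliberately keys on where a DLL is loaded from rather than only on the one file name the page lists, because the second file entry is given as random characters; any DLL launched from a temp directory at logon deserves a look even when its name is unknown.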

File System Details

Medfos may create the following file(s):

#    File Name              Detections
1.   %TEMP%\btpse.dll
2.   [RANDOM CHARACTERS]
