Mevade.A
Mevade.A can refer to both a botnet or to a threat that is responsible for integrating infected computers into this botnet. Mevade.A is responsible for an increase in traffic on Tor, a network specifically designed to make online activity anonymous. To date, the exact purpose of Mevade.A is unclear. There are numerous variants of Mevade.A, all of which have been active since at least 2009 under several aliases. Most Mevade.A attacks have been detected in the United States and Japan. However, there are suspicions that Mevade.A was originally created by Russian speakers due to clues in Mevade.A's code and in previous variants of this threat. Like many other threats, criminals disguise Mevade.A as a fake installer for Adobe Flash Player.
Table of Contents
Mevade.A May Be Used for Numerous Unsafe Deeds
Once Mevade.A infects a computer Mevade.A may carry out several malicious tasks. Mevade.A may be used to distribute adware and browser hijackers, send out spam or a variety of other tasks. Mevade.A connects to its Command and Control server using Tor rather than the more traditional (and less anonymous) HTTP. Botnets associated with Mevade.A may be enormous, and the problem may be much more widespread than it was thought. Previous variants of Mevade.A used HTTP to make contact with their Command and Control server. The move to Tor has made Mevade.A more sophisticated and increased the number of victims of this threat.
Mevade.A uses version 0.2.3.25 of Tor to carry out its attacks, although a new version of Tor exists. This has been one of the key factors in determining the increase in Tor traffic and its relationship with Mevade.A. Although malware researchers have determined that Mevade.A is responsible for the massive increase in Tor traffic recently, they still have not determined a clear purpose for Mevade.A. Mevade.A may be designed to install other threats on victims' computers, and that computers in Mevade.A's botnet are actually for sale for use in other types of malware scams or operations (for example, money laundering or concealment of other illegal activities). It is important to note that, despite the fact that Mevade.A uses Tor to communicate with its Command and Control server, Mevade.A can still be detected and removed with reliable anti-malware software that is fully up to date.
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %ProgramFiles%\Tor\tor.exe | |
| 2. | Service\049e7fb749be2cdf169e28bb0a27254f\181084e525a65ef540c63d60ce07f836.ct | |
| 3. | %SystemDrive%\Documents and Settings\LocalService\Application Data\tor\state | |
| 4. | Service\049e7fb749be2cdf169e28bb0a27254f\181084e525a65ef540c63d60ce07f836.ph | |
| 5. | %System%\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\cache.00 | |
| 6. | %System%\config\systemprofile\Local Settings\Application Data\Windows Internet Name | |
| 7. | %System%\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\queries-02.cache | |
| 8. | %SystemDrive%\Documents and Settings\LocalService\Application Data\tor\lock |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.