- Threat Encyclopedia
- Malicious URL
- http://t.{BLOCKED}b.pl/p/c1.php
BKDR_LIFTOH.DLF connects to this URL to send and receive commands from a remote malicious user. It spreads by using two worms, which use multi-protocol IM apps like Quiet Internet Pager and Digsby.