- Threat Encyclopedia
- Malicious URL
- http://u.{BLOCKED}on.pl/p/c1.php
BKDR_LIFTOH.DLF connects to this URL to send and receive commands from a remote malicious user. It spreads by using two worms, which use multi-protocol instant messaging (IM) apps like Quiet Internet Pager and Digsby.