Backdoor.Spikeddos (Symantec); Trojan.Win32.Yoddos (Ikarus)
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It performs denial of service (DoS) attacks on affected systems using specific flooding method(s).
It deletes itself after execution.
This Trojan drops the following copies of itself into the affected system and executes them:
(Note: %Windows% is the Windows folder, which is usually C:\Windows on all Windows operating system versions.)
This Trojan registers itself as a system service to ensure its automatic execution at every system startup by adding the following registry entries:
HKLM\SYSTEM\ControlSet001\Services\WinHelp32
DisplayName = WinHelp32 Service

HKLM\SYSTEM\ControlSet001\Services\WinHelp32
ImagePath = %Windows%\WinHelp32.exe
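One way to check a registry export from a triage image for the service entries listed above. This is an added example, not part of the original entry. The function names and the sample export are constructed for illustration, and it assumes the SYSTEM hive was exported to .reg text format.

```python
import re

# Indicators from the entry above: service key name, DisplayName, image file name.
KEY_NAME, DISPLAY = "winhelp32", "winhelp32 service"
IMAGE_RE = re.compile(r'(^|[\\/"])winhelp32\.exe("|\s|$)', re.I)
KEY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\SYSTEM\\[^\\]+\\Services\\[^\\\]]+)\]$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# Constructed sample in .reg export format (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp]
"DisplayName"="DHCP Client"
"ImagePath"="C:\\Windows\\System32\\svchost.exe -k netsvcs"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinHelp32]
"DisplayName"="WinHelp32 Service"
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,57,00,\
  69,00,6e,00,48,00,65,00,6c,00,70,00,33,00,32,00,2e,00,65,00,78,00,65,00,00,00
'''

def decode_value(raw):
    """Decode REG_SZ ("text") or REG_EXPAND_SZ (hex(2):..) data from a .reg export."""
    if raw.lower().startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    return raw.strip('"').replace("\\\\", "\\")

def parse_services(reg_text):
    """Return {key_path: {value_name: data}} for keys directly under ...\\Services."""
    services, current = {}, None
    joined = re.sub(r",\\\r?\n\s*", ",", reg_text)  # join wrapped hex lines
    for line in map(str.strip, joined.splitlines()):
        if line.startswith("["):
            key = KEY_RE.match(line)  # subkeys and unrelated keys give None
            current = services.setdefault(key.group(1), {}) if key else None
        elif current is not None and (val := VALUE_RE.match(line)):
            current[val.group(1).lower()] = decode_value(val.group(2))
    return services

def find_suspect_services(reg_text):
    """Return [(key_path, [matched indicator names])] for matching service keys."""
    hits = []
    for path, values in parse_services(reg_text).items():
        checks = {"key name": path.rsplit("\\", 1)[1].lower() == KEY_NAME,
                  "DisplayName": values.get("displayname", "").lower() == DISPLAY,
                  "ImagePath": bool(IMAGE_RE.search(values.get("imagepath", "")))}
        if any(checks.values()):
            hits.append((path, [name for name, ok in checks.items() if ok]))
    return hits
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `find_suspect_services`. Matching on each indicator separately means a key that keeps the image file name but changes the service name is still reported.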
Denial of Service (DoS) Attack
This Trojan performs denial of service (DoS) attacks on affected systems using the following flooding method(s):
This Trojan performs DNS requests to the following sites: