Trojan.WinLNK.Runner
Trojan.WinLNK.Runner is the definition of a (backdoor) Trojan. Its first known detection so far, dates back to December 9th, 2011, according to McAfee Labs. There are several variants of this malware so far, like (i.e.) Trojan.WinLNK.Runner.ea or Trojan.WinLNK.Runner.jo, and many more. This Trojan does not self-replicate.
The LNK-extension shortcuts itself to a folder, file or a program and launches mostly a malicious executable. Usually these files are then used by worms to spread via USB or other external drives. Distribution channels may include email, malicious and/or hacked Web pages, (IRC), peer-to-peer networks and several others. Some examples of executable file locations:
:::::::::::::::::::*RECYCLER\0xD80A89C7.exe
:::::::::::::::::::*RECYCLER\37e32d80.scr
:::::::::::::::::::*Trashes\b3fdadef.com
:::::::::::::::::::*Trashes\e2a38afd.pif
Top 5 countries Attacked in 2016
- India 18.36 %
- Vietnam 13.67 %
- Mexico 4.39 %
- Algeria 4.27 %
- Russia 3.79 %
Other aliases
- W32/IRCBot.gen (McAfee)
- Worm:Win32/Dorkbot!lnk OR
- Worm:Win32/Vermis.gen!lnk (Microsoft) & Ikarus
- LNK/AutoRun (Fortinet)
See also
- Trojan.WinLNK.Agent
External links
- Analysis of a file at VirusTotal