Erotpics Trojan, adults only
The Erotpics Trojan arrives primarily on computers in unsolicited mail.
Az Eroticpics spreads in spam that promises users pictures and videos of adults. If the recipient of the mail gives in to the temptation, opening the attached file in the emails will immediately infect your computer.
The Trojan then creates a Windows service and modifies the registry. This feature ensures that Windows can load automatically every time Windows restarts.
The main task of the Trojan is to leak system information from infected systems and then download additional malicious files over them via the Internet.
When the Erotpics Trojan starts, it performs the following actions:
- Create the following file:
% System% \ CbEvtSvc.exe - Creates a Windows service called “CbEvtSvc”.
- The following entries are added to the registration database:
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Enum \ Root \ LEGACY_CBEVTSVC
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ CbEvtSvc
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBEVTSVC
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc - Sends system information to a remote server.
- It downloads malicious files over the Internet.
