OREANDA-NEWS. June 30, 2011. Search engines are evolving rapidly for greater user benefit with perfected request processing algorithms that bring greater speed and relevance of returned search results. However, virus makers surely don't disdain modern technology. A new modification of the Trojan.VkBase.47 discovered by Doctor Web's virus analysts can download multiple malware onto the victim's computer according to a list received from a server in the Internet.

To date it is the forty-seventh modification in the Trojan.VkBase..family which have been keeping users on the alert for more than seven months. This Trojan horse is designed by criminals to covertly download various malicious programs onto a victim's machine. In order to obtain a download list it sends a search request to a number of servers over the Internet.

In the infected system Trojan.VkBase.47 copies itself to the Windows installation folder and then creates a registry section HKLM \ SOFTWARE \ services32.exe. There it creates a number of entries to monitor the impact of the system infection. At the same time the Trojan horse creates a special log file, which will contain information about all currently running processes. If identifiers of standard anti-virus modules are found among them, Trojan.VkBase.47 exits. Otherwise, the Trojan horse indexes entries related to Windows security in the registry, stops the Windows Firewall and changes security parameters of the Attachment Manager - it disables warnings that appear when one attempts to run executables, downloaded from the Internet, in the system.

When done, Trojan.VkBase.47 saves a script file for the command interpreter cmd.exe onto the disk and launches it. This script in turn copies the Trojan horse executable file as svchost.exe to the subfolder \ Update.1 of the system directory, adds the file entry to the registry autorun branch, disables User Account Control, and adds itself as a Windows Firewall exception. Once launched simultaneously with the operating system, the malicious program implements its main task: it connects to multiple remote nodes, receives a list of IP-addresses to which the Trojan horse sends queries to find new malicious applications, and then downloads and installs them onto the infected computer.

The most dangerous feature of Trojan.VkBase.47 is its ability to search and install a wide range of malicious programs on infected computers. Doctor Web recommends users that they remain vigilant and scan computer disks with Dr.Web.