The anti-virus specialist Norman warns against the Belmoo Trojan, which was found on Tuesday morning on the website of the Nobel Peace Prize. The malicious code exploits a vulnerability in the Firefox web browser. Other sites could also be infected by the Trojan.
Early on Tuesday morning, the Belmoo Trojan spread through the official website of the Nobel Peace Prize. The authors of the malicious code were not especially careful: the Belmoo variant was neither compressed nor protected by encryption against anti-virus detection.
So far, the Trojan uses only a vulnerability in Firefox versions 3.5 and 3.6 to propagate. A security update is currently being distributed. As a workaround, Mozilla had recommended disabling JavaScript. Those who do not know how to do this manually can also use the Firefox plugin NoScript.
Once the Trojan has successfully infected a computer, it adds the following to the registry. Under the key
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
it sets the following value:
"Microsoft Windows Update" = "[WINDIR]\temp\symantec.exe"
When the infected system boots, the Trojan attempts to connect to two IP addresses that point to servers in Taiwan. If the connection attempts are unsuccessful, the Trojan sends further requests at irregular intervals.
Current anti-virus programs should recognize the Trojan as such and prevent infection. In the event that a system is infected, Norman offers Norman Malware Cleaner, a free tool for complete cleanup, at.
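The Run-key entry described above can be checked for on a Windows host. The following PowerShell is an added example, not code from the article or from Norman. The function name Get-BelmooRunFindings is hypothetical, and the WOW6432Node key (the 32-bit registry view on 64-bit Windows) and the broader "anything under [WINDIR]\temp" heuristic are assumptions that go beyond what the article reports.

```powershell
# Added example: audit autorun values for the Belmoo persistence entry.
$iocName  = 'Microsoft Windows Update'                 # value name given in the article
$iocPath  = Join-Path $env:windir 'temp\symantec.exe'  # [WINDIR]\temp\symantec.exe
$tempRoot = (Join-Path $env:windir 'temp') + '\'
$runKeys  = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',             # key given in the article
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'  # assumption: 32-bit view
)

function Get-BelmooRunFindings {   # hypothetical helper name
    param([string[]]$Keys = $runKeys)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read unexpanded data, then expand once so REG_SZ and REG_EXPAND_SZ behave alike
            $raw  = [string]$item.GetValue($name, '',
                        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            $data = [Environment]::ExpandEnvironmentVariables($raw)

            # Isolate the executable: a quoted path, else everything up to the first ".exe"
            if     ($data -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
            elseif ($data -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
            else                                     { $exe = $data.Trim() }

            $reason = $null
            if (($exe -ieq $iocPath) -and ($name -ieq $iocName)) {
                $reason = 'value name and path match the report'
            } elseif ($exe -ieq $iocPath) {
                $reason = 'reported path under a different value name'
            } elseif ($name -ieq $iocName) {
                $reason = 'reported value name with a different target'
            } elseif ($exe.StartsWith($tempRoot, [StringComparison]::OrdinalIgnoreCase)) {
                $reason = 'autorun target inside %WINDIR%\temp'
            }
            if ($reason) {
                [pscustomobject]@{
                    Key = $key; Name = $name; Command = $raw; Target = $exe
                    FileExists = [bool]($exe -and (Test-Path -LiteralPath $exe))
                    Reason = $reason
                }
            }
        }
    }
}

Get-BelmooRunFindings | Format-List
```

An empty result means none of the checked Run keys holds a matching value; a finding with FileExists set to False can indicate that the file was removed while the autorun entry was left behind.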
