Trojan:Win32/Nedsym.A is a trojan that distributes spam email messages. It also collects information about the affected computer, and sends it back to its command and control (C&C) server.
Trojan:Win32/Nedsym.A may be distributed through compromised websites. In the wild, we have observed the trojan being installed using the following file name:
Contacts remote host & distributes spam
Trojan:Win32/Nedsym.A retrieves configuration data from its C&C server, "spm.freecj.com". This data contains information on spam templates and which Simple Mail Transfer Protocol (SMTP) server it can use.
Trojan:Win32/Nedsym.A also reports the following information back to its C&C server:
- Bot ID
- Computer name
- Computer speed
- System uptime
- Number of emails sent successfully
- Number of emails that failed to send
- Number of emails sent without a receipt or rejection confirmation
- Delivery percentage
- Time the last email was sent
- Last SMTP server used
This trojan has a built-in SMTP engine and can be used to send bulk unwanted email (spam).
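The two network behaviors described above (lookups of the C&C host and bulk mail sent straight from the infected machine) can be hunted for in DNS and connection logs. The following is an added example, not part of the original analysis; the log format, the relay allow-list, the fan-out threshold and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

C2_DOMAIN = "spm.freecj.com"   # C&C host named in this write-up
MAIL_RELAYS = {"10.0.0.25"}    # assumption: hosts allowed to send mail outbound
SMTP_FANOUT = 3                # assumption: distinct port-25 peers before flagging

# Constructed sample events: "<time> <source ip> <dns|tcp> <query or dst:port>"
SAMPLE_LOG = """\
2024-05-01T09:00:01 10.0.0.25 tcp 198.51.100.7:25
2024-05-01T09:00:02 10.0.0.25 tcp 198.51.100.8:25
2024-05-01T09:00:03 10.0.0.25 tcp 198.51.100.9:25
2024-05-01T09:01:10 10.0.0.41 dns SPM.FREECJ.COM.
2024-05-01T09:01:12 10.0.0.41 tcp 203.0.113.10:25
2024-05-01T09:01:13 10.0.0.41 tcp 203.0.113.11:25
2024-05-01T09:01:14 10.0.0.41 tcp 192.0.2.44:25
2024-05-01T09:02:00 10.0.0.52 tcp 203.0.113.10:25
2024-05-01T09:02:30 10.0.0.52 dns example.org
2024-05-01T09:03:00 10.0.0.63 dns spm.freecj.com
truncated line
"""

def find_suspects(log_text, relays=MAIL_RELAYS, fanout=SMTP_FANOUT):
    """Map each suspicious source IP to the list of reasons it was flagged."""
    c2_hits = defaultdict(int)     # source -> lookups of the C&C name
    smtp_peers = defaultdict(set)  # source -> distinct port-25 destinations
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:        # skip malformed or truncated records
            continue
        _, src, kind, detail = parts
        if kind == "dns":
            name = detail.rstrip(".").lower()   # normalise case and root dot
            if name == C2_DOMAIN or name.endswith("." + C2_DOMAIN):
                c2_hits[src] += 1
        elif kind == "tcp":
            dst, _, port = detail.rpartition(":")
            if port == "25" and src not in relays:
                smtp_peers[src].add(dst)
    report = {}
    for src in sorted(set(c2_hits) | set(smtp_peers)):
        reasons = []
        if c2_hits[src]:
            reasons.append("c2_lookup")
        if len(smtp_peers[src]) >= fanout:
            reasons.append("direct_smtp_fanout")
        if reasons:
            report[src] = reasons
    return report
```

A host flagged for both reasons matches the behavior described here most closely; a lone C&C lookup still warrants a check of that machine.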
The trojan uses the following access pages to communicate with the C&C server:
Analysis by Zarestel Ferrer
The following system changes may indicate the presence of this malware:
- The presence of the following file: