Fleercivet

Fleercivet is a click-fraud trojan. It is typically spread by malware downloaders and drive-by downloads. Many compromises result from victims opening infected email attachments. Once present, Fleercivet can spread its files across a system, making it especially difficult to remove. It may also modify a registry subkey to launch automatically at system startup. The trojan has several capabilities: it can collect information, including files from your hard drive and online passwords; distribute additional malware; and automatically click on online ads. It injects code into Internet Explorer, Firefox, and Opera browsers and uses them to generate revenue from advertisements. It can also connect your infected device to remote hosts using port 80.

Technical Analysis

  • Digital Forensic Corp provides a video detailing the technical analysis of the Fleercivet trojan.
One example of the Fleercivet trojan. Image Source: Digital Forensic Corp
