During installation, the file saves its configuration to the following file:
The rootkit/trojan is designed to flood victims with spam. When launched, it attempts to download the spam that is forwarded to the victims.
After that, it will download a list of emails from the following domain.
It will forward the downloaded spam to the email addresses on the list.
- Securelist (Kaspersky Labs), Rootkit.Win32.Tibia.aev