Trojan.Spy.YEK Trojan Designed for Corporate Surveillance
Security firm BitDefender recently warned about a piece of malware called 'Trojan.Spy.YEK', which searches for important information and archives that may include personal information and sends them to the cybercriminal. The malware has begun to be used to compromise important corporate information. The security firm further stated that, because this malware combines backdoor and spying features, it is a critical threat, as reported by NETWORKWORLD on November 11, 2010.
The Trojan carries an encrypted .dll (dynamic-link library) and simply saves itself as windows\system32\netconf32.dll. Once it is injected into explorer.exe, nothing stops it from connecting to meeting points with the cybercriminal.
The backdoor component allows the Trojan to register as a service and receive commands from its creators, while the spyware component sends data about the documents stored on the system, the operating system, the processes running on the system, etc., and also takes screenshots of running processes.
Some of the commands it is believed to execute are: sending gathered files and documents using a GET request, sending information about the operating system and PC, taking screenshots and sending the results, recording the processes that are running on the machine and sending them away, and locating files with a specific extension. To be precise, it uploads all the important information to an FTP (File Transfer Protocol) server without users' knowledge.
According to the security experts, Trojan.Spy.YEK finds everything associated with documents, e-mails (.eml, .dbx), address books (.wab), databases (.doc, .pdf, etc.) and so on. It was created especially for industrial spying and targets only private data firms.
Commenting on the issue, Jocelyn Otero, BitDefender Marketing Director for Spain, Portugal, and Latin America, stated that, after obtaining this information, cybercrooks can exploit it to sell information, attack the company's social security and even blackmail, as reported by CasaCocheCurro on November 12, 2010.
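The behaviour described above gives defenders two host-side signals to correlate: netconf32.dll loaded into explorer.exe, and explorer.exe opening FTP connections. The following is an added triage example, not code from the article or from BitDefender; the Sysmon-style field names, the constructed sample events, the use of port 21 and the assumption that the upload traffic originates from explorer.exe are all assumptions.

```python
import ntpath

# Indicators named in the article: the dropped DLL and the process it is injected into.
IOC_DLL = r"windows\system32\netconf32.dll"
HOST_PROCESS = "explorer.exe"
FTP_PORT = 21  # assumption: uploads use the default FTP control port

# Constructed sample events, shaped like Sysmon ImageLoad (id 7) and
# NetworkConnect (id 3) records reduced to the fields used here.
SAMPLE_EVENTS = [
    {"host": "WS-01", "id": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\netconf32.dll"},
    {"host": "WS-01", "id": 3, "Image": r"C:\Windows\explorer.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 21},
    {"host": "WS-02", "id": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\shell32.dll"},
    {"host": "WS-03", "id": 3, "Image": r"C:\Program Files\FileZilla\filezilla.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 21},
    {"host": "WS-04", "id": 7, "Image": r"C:\WINDOWS\Explorer.EXE",
     "ImageLoaded": r"c:\windows\SYSTEM32\NETCONF32.DLL"},
]

def _norm(path):
    # Windows paths are case-insensitive; drop the drive letter before comparing.
    return ntpath.splitdrive(ntpath.normpath(path))[1].lstrip("\\").lower()

def triage(events):
    """Return {host: set of signals} for events attributed to explorer.exe."""
    findings = {}
    for ev in events:
        image = ntpath.basename(ev["Image"]).lower()
        if image != HOST_PROCESS:
            continue  # e.g. a real FTP client is out of scope for this check
        if ev["id"] == 7 and _norm(ev["ImageLoaded"]) == IOC_DLL:
            findings.setdefault(ev["host"], set()).add("dll_loaded")
        elif ev["id"] == 3 and ev["DestinationPort"] == FTP_PORT:
            findings.setdefault(ev["host"], set()).add("ftp_from_explorer")
    return findings

def severity(signals):
    # Both signals on one host match the load-then-upload pattern described above.
    return "high" if {"dll_loaded", "ftp_from_explorer"} <= signals else "review"

if __name__ == "__main__":
    for host, signals in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, severity(signals), sorted(signals))
```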
SPAMfighter News - 19-11-2010