Avira Finds Fresh Information-Capturing Trojan

Malware analysts from Avira, the German anti-virus company, are cautioning that a fresh information-stealing PC Trojan is compromising file shortcuts to ensure that it gets executed on the PCs it contaminates.

The Trojan searches the desktop for shortcut files with the .lnk extension within a predefined list of folders. It then reads those files' targets and changes the names of the files to [original_name].exe. Having done so, it replicates itself and gives the copies the original names, in the same folders, so that when end-users double-click the shortcuts, the duplicate Trojans begin to run.

Meanwhile, the duplicates carry instructions to execute the renamed files after their own execution, so that there is no visible evidence of the hijacking and the operation is covered up.
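The renaming scheme described above leaves a recognizable artifact on disk: two files in the same folder, one carrying a name and the other carrying that name plus `.exe`. The following detection sketch is an added example, not code from Avira or from the original article; it assumes the renamed file keeps its full original name with `.exe` appended, and the function names and sample paths are constructed for illustration.

```python
import os
from collections import defaultdict

def find_hijack_pairs(paths):
    """Return sorted (suspect_copy, renamed_original) pairs.

    A pair is reported when a folder holds both NAME and NAME.exe,
    the pattern left by the renaming scheme (assumed interpretation).
    Matching is case-insensitive, as on Windows file systems.
    """
    by_dir = defaultdict(dict)
    for p in paths:
        norm = p.replace("/", "\\")            # accept either separator
        folder, _, name = norm.rpartition("\\")
        by_dir[folder.lower()][name.lower()] = norm
    pairs = []
    for names in by_dir.values():
        for lower_name, full in names.items():
            renamed = names.get(lower_name + ".exe")
            if renamed:                         # NAME and NAME.exe side by side
                pairs.append((full, renamed))
    return sorted(pairs)

def list_files(root):
    """Collect every file path under root for use with find_hijack_pairs."""
    return [os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs]

# Constructed sample listing (not taken from a real infection).
SAMPLE = [
    r"C:\Program Files\Editor\editor.exe",
    r"C:\Program Files\Editor\editor.exe.exe",
    r"C:\Program Files\Editor\readme.txt",
    r"C:\Tools\Sync\SYNC.EXE",
    r"C:\Tools\Sync\sync.exe.exe",
    r"C:\Tools\Other\other.exe",
    r"D:\Backup\other.exe.exe",   # different folder, so not a pair
]

if __name__ == "__main__":
    for copy, original in find_hijack_pairs(SAMPLE):
        print(f"review: {copy}  (possible renamed original: {original})")
```

A hit is only a lead for review, since legitimate software occasionally ships files with doubled extensions.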

Virus researcher Alexandru Dinu at Avira elaborates that users often fail to see the replacement of the .lnk files' targets and are thereby unable to detect the Trojan for a long time. Softpedia.com reported this on December 14, 2010.

Moreover, according to Avira, the Trojan, while active in memory, watches browsing sessions to find out whether the user logs into specific websites such as Google, PayPal, MSN and Yahoo. If the user logs in on any of these websites, the Trojan captures the login details and transmits them to its remote controller. For this it uses JavaScript code that collects details such as the username, the password and the current website, which are then transmitted to a particular China-based server.

Avira states that the targeted web pages in general belong to Chinese websites: tudou.com, youku.com, soho.com and sogou.com.

Further, Avira posted on its blog that the Trojan was written in Visual Basic and that the malware was neither packed nor disguised. Techblog.avira.com published this on December 14, 2010.

Ultimately, Avira's finding once more confirms what AhnLab, another security company, discovered during November 2010. In that month, AhnLab established that PC Trojans were the most prevalent malware programs, accounting for 46.1% of all malicious software. Consequently, they were the biggest danger to anyone's safety on the Internet.

» SPAMfighter News - 22-12-2010