Avira Finds Fresh Information-Capturing Trojan
Malware analysts from Avira, the German anti-virus company, are cautioning that a new information-stealing PC Trojan is hijacking file shortcuts to ensure that it gets executed on the PCs it infects.
The Trojan searches the desktop for shortcut files with the .lnk extension within a predefined list of folders. It then reads those files' targets and renames the files to [original_name].exe. Having done so, it replicates itself, giving the copies the original names and placing them in the same folders, so that when end-users double-click the shortcuts, the duplicate Trojans run.
Meanwhile, the duplicates carry instructions to execute the renamed files after they themselves have run, so that the hijacking leaves no visible evidence and stays covered up.
Alexandru Dinu, Virus Researcher at Avira, elaborates that the user often fails to notice the replacement of the .lnk files' targets and is therefore unable to detect the Trojan for a long time. Softpedia.com reported this on December 14, 2010.
Avira states that the targeted web pages generally belong to Chinese websites: tudou.com, youku.com, soho.com and sogou.com.
Further, it posted on its blog that the Trojan was written in Visual Basic and that the malware was neither packed nor disguised. Techblog.avira.com published this on December 14, 2010.
Ultimately, Avira's finding once more confirms what AhnLab, another security company, discovered during November 2010. In that month, AhnLab established that PC Trojans were the most prevalent malware programs, accounting for 46.1% of all malicious software. Consequently, they were the biggest danger to anyone's safety on the Internet.
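A defender can look for the on-disk pattern this hijack leaves behind: an executable sitting beside a displaced file that carries its name plus .exe, with the same bytes repeated under several names. The following Python is an added example, not Avira's code or part of the original article; it assumes [original_name] includes the original extension (so a displaced file ends in .exe.exe), and the function names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path


def find_hijack_pairs(folders):
    """Return (impostor, displaced_original) pairs found in the given folders."""
    pairs = []
    for folder in map(Path, folders):
        for renamed in sorted(folder.glob("*.exe")):
            # Assumption: the displaced file is "<original_name>.exe", where
            # original_name already ends in ".exe" (e.g. player.exe.exe).
            impostor = renamed.with_name(renamed.name[:-4])
            if (renamed.is_file() and impostor.suffix.lower() == ".exe"
                    and impostor.is_file()):
                pairs.append((impostor, renamed))
    return pairs


def cluster_self_copies(pairs):
    """Group impostors by SHA-256: self-copies share one hash under many names."""
    by_hash = defaultdict(list)
    for impostor, _ in pairs:
        digest = hashlib.sha256(impostor.read_bytes()).hexdigest()
        by_hash[digest].append(impostor.name)
    return {h: sorted(n) for h, n in by_hash.items() if len(n) > 1}


def demo():
    """Constructed sample: two hijacked programs and one untouched program."""
    root = Path(tempfile.mkdtemp())
    for name in ("player.exe", "browser.exe"):
        (root / name).write_bytes(b"CONSTRUCTED-IMPOSTOR")  # identical copies
        (root / (name + ".exe")).write_bytes(b"original " + name.encode())
    (root / "editor.exe").write_bytes(b"untouched program")
    pairs = find_hijack_pairs([root])
    return pairs, cluster_self_copies(pairs)


if __name__ == "__main__":
    found, clusters = demo()
    for impostor, original in found:
        print(f"suspicious: {impostor.name} beside displaced {original.name}")
    print("identical impostors:", clusters)
```

A name pair alone can be a benign coincidence; the same hash recurring under several program names is the stronger signal of a self-copying file.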
» SPAMfighter News - 22-12-2010