Asian Online Gamers at Receiving End of Trojans in October
On November 12, 2007, ESET declared that a Trojan that targets Internet gamers, especially those of Asian origin, was the foremost danger to PC users during October.
ESET's ThreatSense.Net tool, which provides detection figures from innumerable client machines worldwide, revealed that Win32/PSW.Agent.NDP trojans accounted for 5.73% of total detections.
The software steals data from various sources before transmitting the information back to a remote hacker.
According to ESET researcher Pierre Marc Bureau, Agent.NDP is a fascinating Trojan that neither takes advantage of any security flaw nor has its own mailing engine, as reported by sourcewire on November 12, 2007. Trojans are usually used to carry out identity theft and other malicious activities. In this case, Agent.NDP appears to target Forthgoer and AskTao, popular Chinese Internet games, trying to steal details such as user IDs and passwords that can later be used in various ways for criminal gain.
Apparently installed after being downloaded from some site, Agent.NDP, upon running, copies itself into the user's temporary directory and saves a DLL in the same folder. After that, it injects the DLL into explorer.exe to monitor execution on the computer and locate the data it is seeking.
The second major threat in October, according to ESET, was INF/Autorun, representing 3.45% of all detections.
INF/Autorun covers a range of malicious software that abuses the autorun.inf file, which contains instructions for running code automatically as soon as removable media are inserted into a PC.
The third most dangerous Trojan detected was Win32/TrojanDownloader.Ani.gen. This threat is designed to exploit a flaw in the way Windows handles ani files. The fourth-ranking threat in October was Win32/Adware.Virtumonde with about 2.72% of detections.
Win32/Agent.BCK occupied the fifth position. This group of Agent threats is used to build botnets, steal passwords, and install backdoor and keylogger functionality.
In sixth place was ESET's detection Win32/Adware.Virtumonde.FP. Virtumonde.FP is part of the Virtumonde group of adware threats. Win32/Agent came in at the seventh position.
The remaining three places in October's top 10 list were occupied by the malware IRC/SDBot, Win32/RJump.A, and Win32/Adware.Agent. Each of these three threats accounts for somewhere between 1.12% and 1.07% of detections.
» SPAMfighter News - 28-11-2007