MMPC Identifies One Fresh Trojan Installer

Security investigators from MMPC (Microsoft malware Protection Center) recently detected one crafty Trojan installer known as TrojanDownloader:Win32/Nemim.gen!A, published Softpedia.com dated April 15, 2013.

Reportedly, soon after the Trojan attacks any PC, it recovers twin component files namely PWS:Win32/Nemim.A and Virus:Win32/Nemim.gen!A.

A file contaminator, Virus:Win32/Nemim.gen!A seeks towards contaminating .exe files within detachable devices. These contaminated files get identified as well as subsequently sanitized to become Virus:Win32/Nemim.A. The malware attaches its module onto Host file without contaminating other files. In place of that, it merely installs and runs TrojanDownloader:Win32/Nemim.gen!A.

Meanwhile, PWS:Win32/Nemim.A represents a password seizer, which's capable of digging e-mail account passwords used within the affected computer, together with passwords for Google Notifier, Google Desktop, Google Talk, and Live Messenger.

When the stated two components fulfill the purposes each is created for, the installer erases them wholly so they'll then never get recovered.

Remarking about the malware's above characteristic, Security Researcher Jonathan San Jose of MMPC stated that it stopped the files against getting quarantined as also assessed. Therefore, when the installer was analyzed, one mightn't, without difficulty, detect any of the pulled down component files, despite the utilization of file retrieval products. All that might be evident were some sort of dubious erased filenames, although the exact file matter mightn't get recovered, San Jose explained. Darkreading.com published this dated April 15, 2013.

However, a streak of luck enabled the researcher to find a few strains of the Trojan.

San Jose said that the majority of URLs to which the malware tried to link up with to get itself downloaded were presently unavailable, however, the MMPC team got fortunate because it managed to locate a few of the malware's elements for probing further. Blogs.technet.com published this dated April 14, 2013.

Microsoft stated that the Trojan at times camouflaged itself to look like one exhibit graphics driver, usually in the form of an igfxext.exe file.

According to San Jose, anyone contaminated with the TrojanDownloader:Win32/Nemim.gen!A malware is advised to reset each and every account password following a cleansing drive of his machine since it may so happen that he as well contracts the password-seizer, PWS:Win32/Nemim.A.

Related article: MMPC Detects phishing E-mails that use Verizon’s Name

» SPAMfighter News - 4/20/2013