OTHER MALWARES Part 7

Published by SSTA



In parts 7 and 8 we'll illustrate trojan spies and trojan bankers, something of a Brazilian speciality...
People who regularly surf .br or .por domains should take a look at this site, where a helpful forum and a specific tool are dedicated to the eradication of this kind of pest.
As malware coders have been more and more driven by money over the last few years, this invasion of trojan spies in Europe and all other countries is just a beginning, as was the case with this example of a social engineering attack vector.
The Firekeeper extension can also be helpful against this kind of malware (the site includes many trojan spy descriptions).
An example of these files, disguised as an image, an HTML file, an .exe, a Flash game, etc.:








-Trojan Downloader.Win32.Small.cou: P1/P2









Hidden install:





-Trojan Spy Nillage.awz: P1/P2













-Trojan Start page: P1/P2











-Trojan Spy Bancos.ze: P1/P2









-Trojan Banker.ch: P1/P2








-Porn-Dialer Adult Browser: P1/P2

A dialer is not a problem for DSL connections, but no one should ignore that surfing porn sites is one of the most common vectors of infection.











-Adware BookedSpace: P1/P2












NB: we consider that the malware is prevented from being permanent (Run key), but the PDM has not blocked the malware, which is still running and frequently tries to open a connection: an interesting adware with "rebirth behavior" (once killed, it restarts itself).


-Adware Win32.Dm.y (kav) : P1/P2














-Adware PluginDL.a: F1/P2




Classical browser hijacking of IE:








-Backdoor Hupigon.elw: P1/P2













-Backdoor IRCBot.yc: P1/P2




The rollback has failed (access denied):











-Trojan Banker.bsh: P1/P2





-Trojan Spy Banker.cap: P1/P2












-Trojan dropper Small.rc: P1/P2





-Trojan Downloader Banload.agp: F1/P2



The first goal of this trojan downloader is not to be permanent but to connect to a server located in South America:


















Published in KASPERSKY 6 TEST
