HOTforSecurity
WEEKLY REVIEW

BitDefender weekly review

September 11, 2009
If you're playing Metin2, Flyff, MapleStory, Lord of the Rings Online, Knight Online, Guild Wars or Age of Conan, beware of the new account-stealing Trojan that is currently spreading in the wild. Also take note of another piece of malware that is turning infected computers into spam relays.


Trojan.Autorun.ALG

The purpose of this Trojan is to steal login information for massively multiplayer online role-playing games (MMORPGs). When executed, the e-threat creates two files inside %temp%: herss.exe (a copy of itself) and cvasds0.dll, which is injected into every running process.

Additionally, it creates "3c.exe" and an autorun.inf file pointing at that executable in the root folder of every accessible drive. As a result, the Trojan is executed every time one of those drives is opened.

It also makes registry changes so that herss.exe is executed on every reboot, and disables the "Show hidden files and folders" option through a further registry change, hiding its dropped files from the user.

The injected DLL (cvasds0.dll) is responsible for the actual account stealing.
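As an added defender's check (not part of the original review), the following Python script parses an autorun.inf file for the launch directives this propagation trick relies on and reports whether the referenced payload is actually present in the drive root. The sample .inf content is constructed to match the description above; the 3c.exe filename comes from the review.

```python
import os

# [autorun] directives that make Windows launch a program when the drive is
# opened or a shell verb is chosen; one pointing at an executable in the root
# is the propagation pattern described for Trojan.Autorun.ALG.
LAUNCH_KEYS = {"open", "shellexecute"}
EXEC_EXTENSIONS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs")

# Constructed sample in the shape the review describes (not a captured file).
SAMPLE_INF = "[autorun]\nopen=3c.exe\nshellexecute=3c.exe\nshell\\open\\command=3c.exe\nicon=3c.exe,0\n"


def parse_autorun_inf(text):
    """Return (key, value) launch directives from the [autorun] section."""
    # Hand-rolled rather than configparser: real-world autorun.inf files
    # carry duplicate keys, backslashes in keys and lines without '='.
    directives = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            directives.append((key, value))
    return directives


def launched_executable(value):
    """Program a directive launches (quotes/arguments stripped), else None."""
    parts = value.replace('"', "").split() or [""]
    name = os.path.basename(parts[0].replace("\\", "/")).lower()
    return name if name.endswith(EXEC_EXTENSIONS) else None


def scan_drive_roots(roots):
    """Report autorun.inf launch directives under each root and whether the payload is there."""
    findings = []
    for root in roots:
        inf = os.path.join(root, "autorun.inf")
        if not os.path.isfile(inf):
            continue
        with open(inf, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        for key, value in parse_autorun_inf(text):
            exe = launched_executable(value)
            if exe:
                findings.append({"root": root, "key": key, "payload": exe,
                                 "payload_present": os.path.isfile(os.path.join(root, exe))})
    return findings
```

Call `scan_drive_roots(["D:\\", "E:\\"])` (or mount points on other platforms) to check every attached drive root.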


Trojan.Tofsee.AM

When the malware is run, it makes two copies of itself: %windir%\system32\[random-name].exe and %userprofile%\[random-name2].exe. Both are also added to the registry so that they are executed at every system startup.

Next, %windir%\system32\[random-name].exe is executed and the initial file is deleted using a batch file. This executable modifies the security settings of Internet Explorer and adds itself to the Windows Firewall list of trusted applications.

The malware tries to connect to the following servers to get new instructions: 193.27.246.157, 212.95.32.52, 89.107.104.110 and 213.155.7.242.

The infected computer is then turned into a spam relay; to this end, an SMTP server and an e-mail generator are implemented in the malware body.

Information in this article is available courtesy of BitDefender virus researchers Lutas Andrei Vlad and Ovidiu Visoiu.

Tags: account, autorun, dll, e-threat, infected, MMORPG, trojan
