Aug17
7:27 am (UTC-7)   |   by Trend Micro

A multi-component malware currently detected by Trend Micro as TROJ_DROPPER.CIY drops and executes svchost.exe, detected as TSPY_ONLINEG.DRX, in the folder %Programfiles%Common Files. It also drops setup.exe in the same directory mentioned that is a WinPcap package consisting of npf.sys, wanpacket.dll, packet.dll , and wpcap.dll that are all essential in communicating with an affected user�s NIC card.



So where’s the catch? Putting all the pieces together, what we have is an infostealer and files capable of meddling with network devices. This can cause quite a stir since the dropped malware makes use of ARP poisoning by redirecting network traffic to the compromised system as a means to collect sensitive information such as user names and passwords.





Actual capture from infected network



It can also insert a looooong string of B’s on an HTML file thus making some visited sites experience minor defacement.




If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Friday, August 17th, 2007 at 7:27 am and is filed under Uncategorized . Responses are closed, but you can trackback from your own site.



Comments are closed.


Rogue Domain Name System Servers [reposted]
English Phishing on Japanese Shores


 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice