    Aug 17
    7:27 am (UTC-7)   |    by

    A multi-component malware currently detected by Trend Micro as TROJ_DROPPER.CIY drops and executes svchost.exe, detected as TSPY_ONLINEG.DRX, in the folder %Programfiles%\Common Files. It also drops setup.exe in the same directory. This file is a WinPcap package consisting of npf.sys, wanpacket.dll, packet.dll, and wpcap.dll, all of which are essential in communicating with an affected user's network interface card (NIC).



    So where's the catch? Putting all the pieces together, what we have is an infostealer and files capable of meddling with network devices. This can cause quite a stir, since the dropped malware uses ARP poisoning to redirect network traffic to the compromised system as a means to collect sensitive information such as user names and passwords.





    Actual capture from infected network



    It can also insert a looooong string of B's into an HTML file, causing some visited sites to experience minor defacement.
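
The ARP poisoning described above shows up on the wire as address bindings that change. The following is an added example, not code from the original post: it parses Ethernet ARP frames and flags an IP whose claimed MAC changes, or a MAC that claims several IPs. All addresses, the sample frames and the helper names are constructed for illustration.

```python
import struct
from collections import defaultdict

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, mac(frame[22:28]), ip(frame[28:32])

def find_poisoning(frames):
    """Flag IPs whose claimed MAC changes, and MACs that claim several IPs."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[2] == "0.0.0.0":     # skip non-ARP and ARP probes
            continue
        _, smac, sip = parsed
        old = ip_to_mac.get(sip)
        if old and old != smac:
            alerts.append(("rebind", sip, old, smac))
        ip_to_mac[sip] = smac
        mac_to_ips[smac].add(sip)
    for m, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append(("multi-ip", m, sorted(ips)))
    return alerts

def make_reply(smac, sip, tmac, tip):
    """Build an ARP reply frame; used only to construct the sample input."""
    hw = lambda s: bytes.fromhex(s.replace(":", ""))
    addr = lambda s: bytes(int(p) for p in s.split("."))
    eth = hw(tmac) + hw(smac) + b"\x08\x06"
    return (eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
            + hw(smac) + addr(sip) + hw(tmac) + addr(tip))

# Constructed sample: .1 is the gateway; host ...:66 (already .23) then claims .1.
RECEIVER = ("00:11:22:33:44:50", "192.168.1.50")
SAMPLE = [
    make_reply("00:11:22:33:44:01", "192.168.1.1", *RECEIVER),
    make_reply("00:11:22:33:44:66", "192.168.1.23", *RECEIVER),
    make_reply("00:11:22:33:44:66", "192.168.1.1", *RECEIVER),
]
```

Both signals also occur legitimately (DHCP lease reuse, failover pairs, proxy ARP), so a rebind of the gateway address is the case to prioritize.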







