Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    7:27 am (UTC-7)   |    by

    A multi-component malware currently detected by Trend Micro as TROJ_DROPPER.CIY drops and executes svchost.exe, detected as TSPY_ONLINEG.DRX, in the folder %Programfiles%Common Files. It also drops setup.exe in the same directory mentioned that is a WinPcap package consisting of npf.sys, wanpacket.dll, packet.dll , and wpcap.dll that are all essential in communicating with an affected user�s NIC card.

    So where’s the catch? Putting all the pieces together, what we have is an infostealer and files capable of meddling with network devices. This can cause quite a stir since the dropped malware makes use of ARP poisoning by redirecting network traffic to the compromised system as a means to collect sensitive information such as user names and passwords.

    Actual capture from infected network

    It can also insert a looooong string of B’s on an HTML file thus making some visited sites experience minor defacement.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice