Trojan-Spy.HTML.Paylap.hp
This Trojan takes the form of a counterfeit HTML page and uses spoofing technology. It is designed to steal confidential information of users of the PayPal payment system.
When the user logs in to what appears to be the payment system's site, the account details entered are sent to the attacker, who can then use them to gain full access to the user's account.
The malicious HTML page exploits the Frame Spoof vulnerability (MS04-004) in the Internet Explorer browser. The vulnerability affects Internet Explorer versions 5.x and 6.x. Microsoft has published a description of the vulnerability at Microsoft.com, which includes information for recognizing false links.
Trojan-Spy.HTML.Paylap.hn
This Trojan takes the form of a counterfeit HTML page and uses spoofing technology. It is designed to steal confidential information of users of the PayPal payment system.
The web page contains an image with text and fake links.
Clicking one of the fake links loads a page that imitates the corresponding page on the payment system's website.
When the user logs in to what appears to be the payment system's site, the account details entered are sent to the attacker, who can then use them to gain full access to the user's account.
The malicious HTML page exploits the Frame Spoof vulnerability (MS04-004) in the Internet Explorer browser. The vulnerability affects Internet Explorer versions 5.x and 6.x. Microsoft has published a description of the vulnerability at Microsoft.com, which includes information for recognizing false links.
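Both Paylap entries above rely on links whose visible text does not match where they actually lead. The following is an added example, not code from the original page or from the Microsoft advisory: a small checker that compares the host a link displays with the host it really resolves to, and flags the usual tricks used to make a false link look like a PayPal one (a `user@host` prefix that shows a trusted name before the real destination, a bare IP address, and lookalike domains that merely contain the trusted name). The trusted-domain list, the sample links and the two-label "registrable domain" shortcut (a real tool would consult the Public Suffix List) are assumptions made for the example; the page itself does not say which spoofing form the Trojan uses.

```python
import ipaddress
import re
from typing import List, Optional
from urllib.parse import urlsplit

# Domains the counterfeit page impersonates. Constructed for this example.
TRUSTED_DOMAINS = {"paypal.com"}

# A hostname-looking token inside link text, with or without a scheme.
_URL_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def belongs_to(host: str, domain: str) -> bool:
    """True if host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def registrable(host: str) -> str:
    """Crude registrable domain: the last two labels. Assumption for the
    example; production code should use the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def claimed_host(visible_text: str) -> Optional[str]:
    """The host the link *appears* to go to, judged from its visible text."""
    m = _URL_IN_TEXT.search(visible_text)
    if m:
        return m.group(1).lower()
    # "verify your PayPal account" claims paypal.com without showing a URL.
    for domain in TRUSTED_DOMAINS:
        if domain.split(".")[0] in visible_text.lower():
            return domain
    return None


def check_link(href: str, visible_text: str) -> List[str]:
    """Return short tags for each reason the link looks false; [] if none."""
    parts = urlsplit(href.strip())
    # urlsplit() drops the userinfo, so for http://www.paypal.com@203.0.113.5/
    # hostname is the real destination 203.0.113.5, not www.paypal.com.
    host = (parts.hostname or "").lower()
    findings: List[str] = []

    if parts.username is not None:
        findings.append("userinfo")          # name before '@' is not the destination
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal")        # destination is a bare IP address
    except ValueError:
        pass

    claimed = claimed_host(visible_text)
    if claimed and not belongs_to(host, registrable(claimed)):
        findings.append("host-mismatch")     # shown host != real host

    for domain in TRUSTED_DOMAINS:
        if domain.split(".")[0] in host and not belongs_to(host, domain):
            findings.append("lookalike")     # e.g. paypal.com.example.net
    return findings


# Constructed sample links: one genuine, three in the style of a phishing page.
SAMPLE_LINKS = [
    ("https://www.paypal.com/cgi-bin/webscr", "https://www.paypal.com/cgi-bin/webscr"),
    ("http://www.paypal.com@203.0.113.5/login.htm", "http://www.paypal.com/"),
    ("http://paypal.com.example.net/", "www.paypal.com"),
    ("http://203.0.113.5/paypal/", "Click here to verify your PayPal account"),
]

if __name__ == "__main__":
    for href, text in SAMPLE_LINKS:
        print(f"{href:45} -> {check_link(href, text) or 'ok'}")
```

The `userinfo` tag is the one worth acting on first: a browser that honours the `user@host` form shows the trusted name in the status bar and address text while connecting elsewhere, which is exactly the confusion a counterfeit login page depends on.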
Trojan-PSW.Win32.Kesk.a
Trojan-PSW.Win32.Kesk.a (Kaspersky Lab) is also known as: Trojan.PSW.Kesk.a (Kaspersky Lab), PWS-Zimenok (McAfee), PWSteal.Trojan (Symantec), Trojan.PWS.Zimenok.6 (Doctor Web), Troj/Zimenok (Sophos), PWS:Win32/Kesk.A (RAV), TROJ_ZIMENOK.06 (Trend Micro), TR/KeskPSW.B (H+BEDV), Win32:Trojan-gen. (ALWIL), Trojan.PSW.Kesk.A (SOFTWIN), Trojan Horse (Panda), Win32/PSW.Kesk.A (Eset)
Trojan.Win32.AntiNOD.b
Trojan.Win32.AntiNOD.b (Kaspersky Lab) is also known as: Generic Delphi (McAfee), W32.SillyP2P (Symantec), Trojan.Antinod (Doctor Web), Trojan:Win32/Nodfu.B (RAV), TROJ_ANTINOD.B (Trend Micro), TR/AntiNOD.B (H+BEDV), Win32:Trojan-gen. (ALWIL), Trojan.AntiNOD.B (SOFTWIN), Trojan.AntiNOD-2 (ClamAV), W32/Donrow.A.worm (Panda), Win32/Nodfu.B (Eset)
Email-Worm.Win32.Warezov.nd
Technical Details
This worm is a Windows PE EXE file, 90,304 bytes in size. It is packed using Upack; the unpacked file is approximately 237 KB in size.
Installation
When launched, the worm creates the following files:
%System%\shfoxpob.dat
%System%\shfoxpob.exe
%System%\shfoxpob.dll
The worm also creates the following system registry key, which registers its DLL as a Winlogon notification package so that it is loaded at startup and shutdown:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\shfoxpob]
"DllName" = "%System%\shfoxpob.dll"
"Startup" = "WlxStartupEvent"
"Shutdown" = "WlxShutdownEvent"
"Impersonate" = dword:00000000
"Asynchronous" = dword:00000000
Removal Instructions
Detection for this version of the worm was added to the Kaspersky Anti-Virus databases as an urgent update.
If you have Kaspersky Anti-Virus 6.0, and Proactive Protection is enabled, this worm will be detected without the need to update antivirus databases.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the process associated with the original worm file.
- Delete the original worm file (the location will depend on how the program originally penetrated the victim machine).
- Manually delete the files listed below from the Windows system directory:
%System%\shfoxpob.dat
%System%\shfoxpob.exe
%System%\shfoxpob.dll
- Delete the following registry key: [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\shfoxpob]
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
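The Installation and Removal sections above describe a Winlogon notification package: a DLL named under `Winlogon\Notify` is loaded by winlogon.exe and called on the registered events. As an added example (not code from the original page or from Kaspersky Lab), the script below parses a `.reg`-style export of that key, flags any notification package that is not in a baseline of known-good entries or whose DllName points somewhere unexpected, and prints the `reg delete` and `del` commands that correspond to the removal steps. The baseline of Windows XP packages, the `C:\WINDOWS\system32` expansion of `%System%`, and the sample export itself are constructed for the example; the `shfoxpob` entry is taken from the description above.

```python
from typing import Dict, List, Tuple

# Constructed .reg-style export (not a real capture). Two legitimate Windows XP
# notification packages next to the worm's entry from the description above.
# Backslashes in .reg string values are escaped as '\\'.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"="crypt32.dll"
"Impersonate"=dword:00000000
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DllName"="wlnotify.dll"
"Logon"="SCardStartCertProp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\shfoxpob]
"DllName"="C:\\WINDOWS\\system32\\shfoxpob.dll"
"Startup"="WlxStartupEvent"
"Shutdown"="WlxShutdownEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
'''

NOTIFY_PREFIX = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\"

# Known-good packages on Windows XP and the DLL each should name. Assumption for
# the example: an analyst would maintain this from a clean reference machine.
BASELINE = {
    "crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll", "cscdll": "cscdll.dll",
    "ScCertProp": "wlnotify.dll", "Schedule": "wlnotify.dll", "sclgntfy": "sclgntfy.dll",
    "SensLogn": "WlNotify.dll", "termsrv": "wlnotify.dll", "wlballoon": "wlnotify.dll",
}

Finding = Tuple[str, str, List[str]]   # (package name, DllName, reasons)


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Minimal parser for [key] sections with "name"="string" / "name"=dword:hex values."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current and line.startswith('"') and "=" in line:
            name, _, value = line.partition("=")
            if value.startswith('"'):
                value = value[1:-1].replace('\\\\', '\\').replace('\\"', '"')
            elif value.startswith("dword:"):
                value = int(value[len("dword:"):], 16)
            keys[current][name.strip('"')] = value
    return keys


def suspicious_notify_packages(keys: Dict[str, Dict[str, object]]) -> List[Finding]:
    """Flag Winlogon\\Notify packages that are unknown or point at an unexpected DLL."""
    findings: List[Finding] = []
    for key, values in keys.items():
        if not key.lower().startswith(NOTIFY_PREFIX.lower()):
            continue
        name = key[len(NOTIFY_PREFIX):]
        dll = str(values.get("DllName", ""))
        reasons = []
        expected = BASELINE.get(name)
        if expected is None:
            reasons.append("package not in baseline")
        elif expected.lower() != dll.lower().rsplit("\\", 1)[-1]:
            reasons.append(f"unexpected DllName {dll!r}")
        if "\\" in dll:
            # Stock packages use a bare file name resolved from %System%; a full
            # path is unusual and worth a look even when the name is known.
            reasons.append("DllName is a full path")
        if reasons:
            findings.append((name, dll, reasons))
    return findings


def removal_commands(finding: Finding) -> List[str]:
    """Commands matching the removal steps: drop the key, then the files.
    Assumes the companion files share the DLL's stem, as they do above."""
    name, dll, _ = finding
    key = NOTIFY_PREFIX.replace("HKEY_LOCAL_MACHINE", "HKLM") + name
    cmds = [f'reg delete "{key}" /f']
    if "\\" in dll:
        folder, file = dll.rsplit("\\", 1)
        cmds.append(f'del /f /q "{folder}\\{file.rsplit(".", 1)[0]}.*"')
    return cmds


if __name__ == "__main__":
    for finding in suspicious_notify_packages(parse_reg(SAMPLE_REG)):
        print(finding[0], finding[1], "; ".join(finding[2]))
        print("\n".join(removal_commands(finding)))
```

Order matters in practice: a registered notification DLL is mapped into winlogon.exe, so the file deletion in the second command fails with a sharing violation while that process holds it. Remove the key first, reboot (or boot into Safe Mode), then delete the files.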