Trojan:Win32/Koobface.gen!J
First posted on 25 February 2010.
Source: SecurityHome
Aliases :
There are no other names known for Trojan:Win32/Koobface.gen!J.
Explanation :
Trojan:Win32/Koobface.gen!J is a component of the greater Win32/Koobface family of trojans. It is used to trick the affected user into breaking CAPTCHAs of the attacker's choice.
Installation
When executed the trojan drops the following files:

%program_files%\captcha.dll
%program_files%\captcha.bat

and adds the following registry entry to execute at each Windows start:

Sets value: "Captcha7"
With data: "rundll "%program_files%\captcha.dll",captcha"
To subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
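The Run-key entry described above can be looked for in `reg query` output collected from a host. The Python below is an added example, not part of the original entry; the sample output and function names are constructed, and matching on the file name regardless of how %program_files% expands is an assumption.

```python
import re

# Indicators taken from the Installation section of this page.
RUN_VALUE_NAME = "captcha7"
# captcha.dll launched with its "captcha" export, whatever the expanded path is.
RUN_DATA_RE = re.compile(r'\\captcha\.dll"?\s*,\s*captcha\b', re.IGNORECASE)
# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE_RE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")

def parse_reg_query(text):
    """Yield (key, name, type, data) for every value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE_RE.match(line)
        if m and key:
            yield key, m["name"], m["type"], m["data"]

def find_koobface_run_entries(text):
    """Return Run-key values matching the value name or the command line."""
    hits = []
    for key, name, _type, data in parse_reg_query(text):
        if not key.lower().endswith(r"\currentversion\run"):
            continue  # only Run keys are of interest here
        reasons = []
        if name.strip().lower() == RUN_VALUE_NAME:
            reasons.append("value name")
        if RUN_DATA_RE.search(data):
            reasons.append("command line")
        if reasons:
            hits.append({"key": key, "name": name, "data": data, "matched": reasons})
    return hits

# Constructed sample output, not captured from a real host.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Captcha7    REG_SZ    rundll "C:\Program Files\captcha.dll",captcha
    Updater    REG_SZ    rundll "C:\Program Files\CAPTCHA.DLL", captcha

HKEY_LOCAL_MACHINE\Software\Vendor\Run
    Captcha7    REG_SZ    unrelated
'''

if __name__ == "__main__":
    for hit in find_koobface_run_entries(SAMPLE):
        print(hit["key"], hit["name"], hit["matched"], sep=" | ")
```

The second hit shows why the command line is matched as well as the value name: a renamed value still points at the same DLL and export.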
Payload
Tricks user into breaking CAPTCHAs supplied by the trojan

On execution the trojan connects to one of a list of remote hosts contained in its code in order to retrieve configuration data. In the wild, for example, we have seen this trojan contact the following hosts for this purpose:

www.economy.rags.ru
juanfurlan.com.ar
usv-krakaudorf.at
themasterengraver.com

The trojan displays the following dialog in order to convince the user to enter the text corresponding to the specified CAPTCHAs. This information is then sent back to the remote host.

Additional information
For more information on Win32/Koobface, please see our family description elsewhere in the encyclopedia.

Analysis by Ray Roberts
Last update 25 February 2010